On Tue, Oct 05, 2010 at 04:03:47PM +0200, Dejan Muhamedagic wrote:
> > So it is run periodically by root (well, the lrmd, as root).
> > Even though the cwd of lrmd should be ok, permission wise, in case the
> > script does cd into somewhere (I don't think it does, now) where someone
> > with lesser privilege was able to place some evil *.so, the next command
> > executed by the script may do interesting things.
>
> I really doubt that, though it looks dangerous, there is a way to
> exploit this without root access.
You never know.
The script itself may not, but it starts something else,
which may cd somewhere else, then fork/exec.
> > Simply doing
> > #remove it, if present.
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH#"$DIR_EXECUTABLE"}
> > #remove possible remaining leading :
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH#:}
> > #prepend it
> > LD_LIBRARY_PATH=$DIR_EXECUTABLE:$LD_LIBRARY_PATH
> > #remove possible trailing :
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH%:}
>
> Hmm, this smells like bashisms, are they?
No, I don't think so. But they are not strictly correct,
if $D is only a prefix of the first component of $L...
Let's see, how about this (using dash as my
"reference most stupid shell readily available"):
#!/bin/dash
prepend_unless_member() {
local l d
l=$1 d=$2;
case $l in
"$d"|"$d":*|*:"$d"|*:"$d":*)
# already member
;;
"")
# empty, don't add a separator
l=$d;;
*)
# prepend
l=$d:$l;;
esac;
echo "prepend '$d' to '$1' unless member results in $l";
}
dir=TRY
for l in "" $dir $dir:bla:foo bla:$dir:foo bla:foo:$dir bla bla:foo; do
prepend_unless_member "$l" "$dir"
done
results in:
prepend 'TRY' to '' unless member results in TRY
prepend 'TRY' to 'TRY' unless member results in TRY
prepend 'TRY' to 'TRY:bla:foo' unless member results in TRY:bla:foo
prepend 'TRY' to 'bla:TRY:foo' unless member results in bla:TRY:foo
prepend 'TRY' to 'bla:foo:TRY' unless member results in bla:foo:TRY
prepend 'TRY' to 'bla' unless member results in TRY:bla
prepend 'TRY' to 'bla:foo' unless member results in TRY:bla:foo
looks good to me.
If it is required that $d has to become the first component, not be
directly duplicated, but possibly repeated in a later component, then
- "$d"|"$d":*|*:"$d"|*:"$d":*)
+ "$d"|"$d":*)
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
