On 28/03/12 15:03, Jonathan K. Bullard wrote:
> On Fri, Mar 23, 2012 at 10:18 AM, Gert Doering <g...@greenie.muc.de> wrote:
> 
> Hi,
> 
> <snip>
> 
> Thank you, Gert, for your detailed comments on my first attempt at
> this patch.
> 
> The patch is meant to fix problems in the new-in-2.3 checking of
> options before trying to create the connection. Options that accept a
> command parameter instead of a path parameter fail if the command
> parameter includes spaces or more than just a command path. The
> following options are affected: --tls-verify, --up, --down,
> --ipchange, --route-up, --route-pre-down, and --learn-address.
> 
> I've looked into this a bit more, and have found that where the
> options are actually used, argv_printf() is called to parse the
> command line into an argv structure. argv_printf uses parse_line() to
> do the actual parsing, and parse_line() processes single- and
> double-quotes and backslashes. I think that when options.c __checks__
> an option's command arguments, it should accept exactly the same input
> as the part of OpenVPN that __uses__ the option's commands.
> 
> Attached is a heavily revised version of my original patch. It uses 
> argv_printf() to __check__ an option's commands, so it accepts exactly
> the same input as the parts of OpenVPN that __use__ the options'
> commands. It also makes all the relevant changes suggested by Gert
> except having the argument following --iproute checked. The --iproute
> code is handled differently than the other options, and I think it is
> OK that we don't do checking in 2.3 on something that wasn't checked
> in 2.2 and (apparently) might go away sometime soon.

Thanks a lot!  I have one more comment to what Gert and Fabian have
already covered.
Instead of adding a wrapper function, check_cmd_access(), would it be
possible to integrate this with check_file_access() and add another type
flag, f.ex:

#define CHKACC_EXEC (1<<5)  /** Filename is an executable, ignore exec args */

Then you can just flip the type flag from CHKACC_FILE to CHKACC_EXEC.  If
this type is checked for, enforcing an X_OK mode check in addition is
probably reasonable too.


kind regards,

David Sommerseth
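
Added example, not part of the original message or of the OpenVPN source: a standalone C illustration of the check discussed in this thread, which takes the first argument of a command option using shell-like quoting, ignores the remaining arguments, and requires X_OK on the executable. The names first_arg() and check_cmd_exec() are hypothetical, and the quoting rules are a simplified assumption, not OpenVPN's parse_line().

```c
/* Added example: names here are hypothetical, not OpenVPN's own code. */
#include <stdio.h>
#include <unistd.h>

/* Copy the first word of cmd into out, honouring single quotes, double
 * quotes and backslash escapes (a simplified stand-in for parse_line()).
 * Returns 0 on success, -1 on empty input, open quote or overflow. */
static int first_arg(const char *cmd, char *out, size_t outlen)
{
    size_t n = 0;
    char quote = 0;                       /* 0, '\'' or '"' */

    if (outlen == 0)
        return -1;
    while (*cmd == ' ' || *cmd == '\t')
        cmd++;
    for (; *cmd; cmd++) {
        char c = *cmd;
        if (quote) {
            if (c == quote) { quote = 0; continue; }
            if (c == '\\' && quote == '"' && cmd[1])
                c = *++cmd;               /* escape inside "..." */
        } else if (c == '\'' || c == '"') {
            quote = c;
            continue;
        } else if (c == '\\' && cmd[1]) {
            c = *++cmd;                   /* escaped char, e.g. "\ " */
        } else if (c == ' ' || c == '\t') {
            break;                        /* end of the command path */
        }
        if (n + 1 >= outlen)
            return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return (quote || n == 0) ? -1 : 0;
}

/* Check only the executable, ignoring its arguments: 0 if X_OK. */
static int check_cmd_exec(const char *cmd)
{
    char path[4096];
    if (first_arg(cmd, path, sizeof(path)) != 0)
        return -1;
    return access(path, X_OK) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample value for an option such as --up. */
    const char *cmd = "'/bin/sh' -c 'echo up'";
    printf("%s -> %s\n", cmd, check_cmd_exec(cmd) == 0 ? "ok" : "rejected");
    return 0;
}
```

access() tests against the real UID, so a result obtained before privileges are dropped may differ from what the daemon can execute later.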