From 07e1bbbf14bc5dbe426822068d140d28896dc43d Mon Sep 17 00:00:00 2001
From: David Disseldorp via samba-technical
Date: Sat, 26 Aug 2017 23:40:37 +0200
Subject: [PATCH] tests/fake_snap: sanitize paths Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths and the PATH env. This fixes the following samba3.rpc.fsrvp selftest failures: Insecure dependency in mkdir while running setgid at (eval 2) line 4. snap create failed: NT_STATUS_UNSUCCESSFUL snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988
Signed-off-by: David Disseldorp
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144
(cherry picked from commit f9d4158f0b002b482df0a919d4cb337cce81f9f8)
---
 source3/script/tests/fake_snap.pl | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/source3/script/tests/fake_snap.pl b/source3/script/tests/fake_snap.pl
index d1233f375b0..18bbcb7142e 100755
--- a/source3/script/tests/fake_snap.pl
+++ b/source3/script/tests/fake_snap.pl
@@ -5,14 +5,25 @@ use strict;
 use File::Path qw(rmtree);
 use POSIX ();
+sub _untaint_path
+{
+ my ($path) = @_;
+
+ if ($path =~ /^(.*)$/) {
+ return $1;
+ }
+ die "bad path";
+}
+
 sub _create_snapshot
 {
- my ($base_path) = @_;
+ my ($base_path) = _untaint_path(shift);
 my $time_str = POSIX::strftime("%Y.%m.%d-%H.%M.%S" , localtime());
 my $snap_path = $base_path . "/.snapshots/\@GMT-" . $time_str;
 my $ret;
- POSIX::mkdir($base_path . "/.snapshots", 0777);
+ $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
+ POSIX::mkdir($base_path . "/.snapshots", 0755);
 # add trailing slash to src path to ensure that only contents is copied
 $ret = system("rsync", "-a", "--exclude=.snapshots/", "${base_path}/",
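Review bot: `_untaint_path` never rejects anything in practice, because `/^(.*)$/` matches every string that has no embedded newline, so it clears the taint flag without validating the path and taint mode stops protecting the `mkdir` and `rsync` calls here and the `rmtree` call in the second hunk. Anchor with `\A`/`\z` and limit the capture to what the script expects, e.g. `if ($path =~ m{\A(/[^\0\n]+)\z}) {` if callers always pass absolute paths (not visible in this hunk), and reject `..` components separately. As written, `$` also lets a trailing newline through and silently drops it from `$1`, and `die "bad path"` would be easier to diagnose if it included the rejected value. If a blanket untaint is intended for this test helper, say so in a comment above the sub, e.g. `# test-only: launders taint without validation, do not reuse`.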
@@ -28,7 +39,8 @@ sub _create_snapshot
 sub _delete_snapshot
 {
- my ($base_path, $snap_path) = @_;
+ my $base_path = _untaint_path(shift);
+ my $snap_path = _untaint_path(shift);
 # we're doing a recursive delete, so do some sanity checks
 if ((index($snap_path, $base_path) != 0) || (index($snap_path, ".snapshots") == -1)) {
@@ -36,6 +48,7 @@ sub _delete_snapshot
 return -1;
 }
+ $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
 rmtree($snap_path, {error => \my $err});
 if (@$err) {
 for my $diag (@$err) {
-- 
2.13.5
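Review bot: With both arguments now untainted unconditionally, the `index()` test that follows is the only validation left before the recursive `rmtree`, and it is only a string-prefix and substring check. A `$snap_path` that contains `..` components, or that sits in a sibling directory whose name merely begins with `$base_path`, still passes it. Requiring the full snapshot prefix and rejecting parent references would close that gap, e.g. `index($snap_path, "$base_path/.snapshots/") != 0 || $snap_path =~ m{(?:\A|/)\.\.(?:/|\z)}`. The body of `_delete_snapshot` continues outside this hunk.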
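Review bot: `$ENV{'PATH'} = '/bin:/usr/bin';` is assigned here in `_delete_snapshot` and again in `_create_snapshot` in the first hunk; setting it once at the top of the script would cover every sub and keep the two copies from drifting apart. Taint mode also checks `IFS`, `CDPATH`, `ENV` and `BASH_ENV` before running a child process, so the usual companion line `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` belongs next to it. It is worth confirming that `rsync` lives under `/bin` or `/usr/bin` on every host the selftest runs on, since the `system("rsync", ...)` call in the first hunk now depends on this fixed PATH. The enclosing function starts and ends outside the hunk.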