[augeas-devel] FreeBSD /etc/rc.conf
Richard W.M. Jones
rjones at redhat.com
Thu Nov 18 12:29:25 UTC 2010
On Thu, Nov 18, 2010 at 01:20:17PM +0100, Mathieu Arnold wrote:
>
>
> +--On 18 novembre 2010 11:52:45 +0000 "Richard W.M. Jones"
> <rjones at redhat.com> wrote:
> | (meant to send this to augeas-devel)
> |
> | [In response to a private point about shell quoting]
> |
> | You could ask this question another way: What happens if the new value
> | I want to set comes from some external untrusted source, and it
> | contains shell metacharacters? Is it the responsibility of the caller
> | to escape it correctly, or is this something that Augeas should do?
> | If it is the caller that should do it, how should the caller know?
> | I can easily see an exploit taking place because some caller was not
> | aware of the need to do escaping.
>
> Well, augeas should not escape things, I mean, I have rc.conf looking like
> this :
>
> cloned_interfaces=""
> ifconfig_le0="up"
> # vlan 2025
> cloned_interfaces="$cloned_interfaces le0.2025 carp25"
I think how Augeas deals with the flexibility of these
configuration-like shell scripts is a separate matter.
Let's say I had a program to set the hostname of a virtual machine.
(This is not mere idle speculation: libguestfs lets you write such
scripts easily).
Without care on my part, someone could try to set the hostname to
"$(echo toor::0:0:root:/:/bin/sh > /etc/passwd)" or whatever and thus
escalate a mere hostname change into a back door.
Question is, who is responsible for stopping that from happening? I
think the answer should involve Augeas, either doing the escaping, or
providing hints to upper layers so we know what to escape.
The same problem applies to Fedora configuration files BTW, but not to
Debian/Ubuntu since they use a separate file which contains the
hostname.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
More information about the augeas-devel
mailing list