[Ovirt-devel] [PATCH node] Updated the configuration processing to remove the need for scripts.
Jim Meyering
jim at meyering.net
Thu Oct 9 17:57:26 UTC 2008
Jim Meyering <jim at meyering.net> wrote:
> "Darryl L. Pierce" <dpierce at redhat.com> wrote:
...
>> + modconf=$(awk '/bonding=/ {
>> + match($0, "bonding=(.*)", data)
>> + split(data[1], mod, "|")
>> +
>> + alias=mod[1]
>> + options=mod[2]
>> +
>> + printf("install %s /sbin/modprobe bonding -o %s %s\n",
>> + alias, module, alias, options)
>
> We need to do some sanitization (perl calls this untainting) here.
> I.e., we want to reject malicious parameters like "; rm -rf /" or
> "& start-stealthy-daemon...".
>
> So, match alias, module, and options for bogus shell meta-characters,
> or probably-better, accept only a limited alphabet, maybe just
> search for anything matching this /[^[:alnum:]=_ at -]/
>
>> + }' $CONFIG)
>
> You'll want to diagnose bogosity from within the awk script
> and exit nonzero to tell the shell to fail:
>
> ...
> }' $CONFIG) || exit 1;
Hi Darryl,
Here's a little stand-alone script to demonstrate what I meant:
#!/bin/sh
ME=$(basename "$0")
warn() { printf "$ME: $@\n" >&2; }
cat <<\EOF > in
bonding=;rm -rf /|b|c
EOF
modconf=$(awk '/bonding=/ {
match($0, "bonding=(.*)", data)
split(data[1], mod, "|")
if (match("[^[:alnum:]=_ at -]", mod[1]) >= 0)
{ printf "invalid bonding alias: \"%s\"\n", mod[1]; exit 1; }
alias=mod[1]
printf("install %s bonding", alias)
}' in) || { warn "$modconf"; exit 2; }
echo "$modconf"
--------------------------------
It has to be a little tricky that since awk is run from a subshell,
which means its stderr would be ignored, so instead of printing its
own diagnostic, it just prints it to stdout, and the invoker knows
to use the result in _its_ diagnostic when the awk script exits nonzero.
More information about the ovirt-devel
mailing list