John Franks wrote:
Hi Toralf,
First off, I rather like your approach to configuration files.
A little research shows that the explicit test was introduced to plug
a security hole reported by PERL... See BUG #1353481 for more information.
I'm piping in here, and expanding the audience to include amanda_hackers,
since the change seems to impact my work on allowing spaces in file names.
(Currently checked into sourceforge 2.5.1 branch.)
The current check is a little too strict and will strip out spaces and
control
characters, all of which are valid according to POSIX rules.
(POSIX allows any character except '/' or NULL is allowable.)
I'm proposing an alternate solution to our mutual problems:
Sanitize file name by simply rejecting any '..' path component
in a configuration name.
This should allow any arbitrary character in the configuration name
and prevent any attempts to use a configuration outside of the
amanda configuration directory.
Toralf: will this work for you?
Hackers: will this pass security muster?
Hi John,
I like your proposal and it will work nicely for amstatus. For other Amanda applications,
we need to filter user input carefully especially in the cases that the user-input will be
passed to mail-cmd, exec() and system().
--
Thank you!
Kevin Till
Amanda documentation: http://wiki.zmanda.com
Amanda forums: http://forums.zmanda.com
