Package: btrbk
Version: 0.27.1-1+deb10u1
Severity: normal

Dear Maintainer,

In the security upload for CVE-2021-38173 the ssh_filter_btrbk.sh
script was changed. This, however, introduced a regression for me as
my btrbk clients use the command

  sudo -n btrfs subvolume list -a -c -u -q -R /srv/backup

However, ssh_filter_btrbk.sh only allows this pattern

  sudo -n btrfs subvolume list [0-9a-zA-Z_@+./-]*

I.e., options to `btrfs subvolume list` are not permitted.

I fixed this using this modified pattern:

  allow_exact_cmd "${sudo_prefix}btrfs subvolume list (${option_match}( ${option_match})*)? ${file_match}";

Best,
Maximilian
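
Added example, not part of the original report or of btrbk: a POSIX sh check of which command lines each of the two patterns above accepts when matched against the whole line. `option_match` is not shown in the report, so its value here is an assumption; `cmd_allowed` and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not the code of ssh_filter_btrbk.sh.

sudo_prefix='sudo -n '
# Character class shown in the report for the path argument.
file_match='[0-9a-zA-Z_@+./-]*'
# ASSUMPTION: option_match is not shown in the report; this stand-in
# accepts a single short option such as -a or -R.
option_match='-[a-zA-Z]'

# Pattern the report says the updated script allows.
old_pattern="${sudo_prefix}btrfs subvolume list ${file_match}"
# Pattern proposed in the report.
new_pattern="${sudo_prefix}btrfs subvolume list (${option_match}( ${option_match})*)? ${file_match}"

# cmd_allowed PATTERN COMMAND
# Succeeds only if the entire command line matches the ERE.
cmd_allowed() {
    # grep matches line by line, so refuse embedded newlines outright.
    case $2 in
        *'
'*) return 1 ;;
    esac
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# Constructed sample command lines.
client_cmd='sudo -n btrfs subvolume list -a -c -u -q -R /srv/backup'
plain_cmd='sudo -n btrfs subvolume list /srv/backup'
extra_cmd='sudo -n btrfs subvolume list -a /srv/backup; true'

for cmd in "$client_cmd" "$plain_cmd" "$extra_cmd"; do
    for name in old_pattern new_pattern; do
        eval "pattern=\$$name"
        if cmd_allowed "$pattern" "$cmd"; then verdict=allow; else verdict=deny; fi
        printf '%-11s %-5s %s\n' "$name" "$verdict" "$cmd"
    done
done
```

With the proposed pattern as written, the space before `${file_match}` is required in addition to the one after `list`, so the option-free command line matches only when two spaces follow `list`.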
