Package: btrbk
Version: 0.27.1-1+deb10u1
Severity: important

Dear Maintainer,

Starting with version 0.27.1-1+deb10u1 ssh_filter_btrbk.sh rejects commands issued via ssh by btrbk of the same version on a remote host:

root@off-site ~ # /usr/sbin/btrbk --progress archive on-site.example.com:/mnt/backup/dc /mnt/backup/on-site.example.com/dc
  ERROR: ssh_filter_btrbk.sh: ssh command rejected: disallowed command: sudo -n btrfs subvolume list -a -c -u -q -R /mnt/backup
  ERROR: Failed to fetch subvolume detail for 'on-site.example.com:/mnt/backup/dc'

Downgrading to 0.27.1-1 restores the expected functionality. A subsequent diff unsurprisingly shows that the only meaningful difference is the patch[1] for CVE-2021-38173 introduced by 0.27.1-1+deb10u1.


According to `man 1 ssh_filter_btrbk` listing subvolumes is always allowed and not restricted. Without any of the parameters set by btrbk itself this actually still works:

root@off-site ~ # ssh -l btrbk -i /etc/btrbk/ssh/id_ed25519 on-site.example.com sudo -n btrfs subvolume list /mnt/backup
  ID 19675 gen 66861 top level 1057 path some/subvolume
  [...]

But any parameter after `list` causes the command to be rejected:

root@off-site ~ # ssh -l btrbk -i /etc/btrbk/ssh/id_ed25519 on-site.example.com sudo -n btrfs subvolume list -a /mnt/backup
  ERROR: ssh_filter_btrbk.sh: ssh command rejected: disallowed command: sudo -n btrfs subvolume list -a /mnt/backup

In my opinion the patch is breaking core functionality. The only "work-around" besides downgrading is not using `ssh_filter_btrbk.sh` which is probably worse than the fixed vulnerability. Newer upstream versions of btrbk provide a revised version of the affected script. Please advise.

Kind Regards
Leonhard Preis

[1] https://sources.debian.org/patches/btrbk/0.27.1-1+deb10u1/CVE-2021-38173.patch/


-- System Information:
Debian Release: 10.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-18-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages btrbk depends on:
ii  btrfs-progs [btrfs-tools]  4.20.1-2
ii  perl                       5.28.1-6+deb10u1

Versions of packages btrbk recommends:
ii  mbuffer         20190127+ds1-1
ii  openssh-client  1:7.9p1-10+deb10u2
ii  pv              1.6.6-1

Versions of packages btrbk suggests:
ii  openssl  1.1.1d-0+deb10u7
ii  python3  3.7.3-1

-- no debconf information
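Added illustration of the behaviour described in the report above; this is neither btrbk's ssh_filter_btrbk.sh nor the Debian patch, and the function names and patterns are constructed. It contrasts an over-strict allowlist for an SSH forced-command filter, which rejects the `sudo -n btrfs subvolume list -a -c -u -q -R /mnt/backup` invocation, with one that accepts a bounded set of `list` options while still refusing unknown options, extra words and shell metacharacters.

```shell
#!/bin/sh
# Constructed example (not btrbk's own filter): an SSH forced-command filter
# is installed as command="..." on the key in authorized_keys and decides
# whether to exec $SSH_ORIGINAL_COMMAND. Both variants below take the command
# string as $1 and return 0 (allow) or 1 (reject).

# Shared check: refuse anything that looks like shell syntax before looking
# at the command itself.
has_shell_meta() {
    printf '%s' "$1" | grep -Eq '[;&|<>`$()\\]'
}

# Over-strict variant: after "list" only a path may follow, so every option
# btrbk passes ("list -a -c -u -q -R /mnt/backup") is rejected, as in the report.
strict_allow_list() {
    has_shell_meta "$1" && return 1
    printf '%s' "$1" | grep -Eq '^sudo -n btrfs subvolume list /[^ ]+$'
}

# Revised variant: accept a bounded set of single-letter options for "list",
# in any order, followed by exactly one absolute path. Unknown options,
# extra words and shell metacharacters are still rejected.
revised_allow_list() {
    has_shell_meta "$1" && return 1
    printf '%s' "$1" | grep -Eq '^sudo -n btrfs subvolume list( -[acuqR])* /[A-Za-z0-9_./-]+$'
}

# Stand-alone demo: print the verdict in the style of the filter's log line.
show_verdict() {   # $1 = filter function, $2 = command
    if "$1" "$2"; then
        printf '%s: allowed: %s\n' "$1" "$2"
    else
        printf '%s: ssh command rejected: disallowed command: %s\n' "$1" "$2"
    fi
}

for cmd in 'sudo -n btrfs subvolume list /mnt/backup' \
           'sudo -n btrfs subvolume list -a -c -u -q -R /mnt/backup' \
           'sudo -n btrfs subvolume list /mnt/backup; id'; do
    show_verdict strict_allow_list "$cmd"
    show_verdict revised_allow_list "$cmd"
done
```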
