[lxc-devel] [ lxc-Bugs-3113612 ] lxc-* tools are vulnerable for arguments with spaces
SourceForge.net
noreply at sourceforge.net
Sat Nov 20 15:23:06 UTC 2010
Bugs item #3113612, was opened at 2010-11-20 20:23
Message generated for change (Tracker Item Submitted) made by socketpair
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3113612&group_id=163076
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: lxc cli
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Марк (socketpair)
Assigned to: Nobody/Anonymous (nobody)
Summary: lxc-* tools are vulnerable for arguments with spaces
Initial Comment:
root at mmarkk-work:/usr/bin# fgrep '$*' lxc*
lxc-ls:ls $* $lxcpath
lxc-ls: cd $mount_point; ls $* -d $active
lxc-netstat:for i in $*; do
lxc-netstat: exec /usr/bin/lxc-unshare -s MOUNT -- $0 -n $name --exec $*
lxc-netstat: exec netstat $*
lxc-setcap:set -- $(getopt dh $*)
lxc-setcap:for i in $*; do
lxc-setuid:set -- $(getopt dh $*)
lxc-setuid:for i in $*; do
$* should be converted to "$@" (yes, with quotes).
so (for example) lxc-ls should be changed:
ls "$@" "$lxcpath"
The same for other arguments.
In BASH, if xxx="abc def",
some_cmd $xxx
will expand to
some_cmd "abc" "def"
and
some_cmd "$xxx"
will be expanded to
some_cmd "abc def"
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3113612&group_id=163076
More information about the lxc-devel
mailing list