[lxc-devel] [ lxc-Bugs-3113612 ] lxc-* tools are vulnerable for arguments with spaces
SourceForge.net
noreply at sourceforge.net
Mon Mar 7 00:54:31 UTC 2011
Bugs item #3113612, was opened at 2010-11-20 16:23
Message generated for change (Settings changed) made by dlezcano
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3113612&group_id=163076
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: lxc cli
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Марк (socketpair)
Assigned to: Nobody/Anonymous (nobody)
Summary: lxc-* tools are vulnerable for arguments with spaces
Initial Comment:
root at mmarkk-work:/usr/bin# fgrep '$*' lxc*
lxc-ls:ls $* $lxcpath
lxc-ls: cd $mount_point; ls $* -d $active
lxc-netstat:for i in $*; do
lxc-netstat: exec /usr/bin/lxc-unshare -s MOUNT -- $0 -n $name --exec $*
lxc-netstat: exec netstat $*
lxc-setcap:set -- $(getopt dh $*)
lxc-setcap:for i in $*; do
lxc-setuid:set -- $(getopt dh $*)
lxc-setuid:for i in $*; do
$* should be converted to "$@" (yes, with quotes).
so (for example) lxc-ls should be changed:
ls "$@" "$lxcpath"
The same for other arguments.
In BASH, if xxx="abc def",
some_cmd $xxx
will expand to
some_cmd "abc" "def"
and
some_cmd "$xxx"
will be expanded to
some_cmd "abc def"
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3113612&group_id=163076
More information about the lxc-devel
mailing list