[lxc-devel] [PATCH] lxc-* tools are vulnerable for arguments with spaces

Michel Normand michel.mno at free.fr
Tue Mar 15 19:19:07 UTC 2011 

this is related to the bug
http://sourceforge.net/tracker/?func=detail&aid=3113612&group_id=163076&atid=826303
that suggested to modify bash lxc script to properly use "$@" in place of "$*"

Signed-off-by: Michel Normand <michel.mno at free.fr>
---
 src/lxc/lxc-ls.in      |    4 ++--
 src/lxc/lxc-netstat.in |    6 +++---
 src/lxc/lxc-setcap.in  |    4 ++--
 src/lxc/lxc-setuid.in  |    6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/lxc/lxc-ls.in b/src/lxc/lxc-ls.in
index 7d2dad0..3cd7c24 100644
--- a/src/lxc/lxc-ls.in
+++ b/src/lxc/lxc-ls.in
@@ -18,7 +18,7 @@ function get_cgroup()
 	fi
 }
 
-ls $* $lxcpath
+ls "$@" $lxcpath
 
 active=$(netstat -xa | grep $lxcpath | \
 	sed -e 's#.*'"$lxcpath/"'\(.*\)/command#\1#');
@@ -26,6 +26,6 @@ active=$(netstat -xa | grep $lxcpath | \
 if test -n "$active"; then
 	get_cgroup
 	if test -n "$mount_point"; then
-		cd $mount_point; ls $* -d $active
+		cd $mount_point; ls "$@" -d $active
 	fi
 fi
diff --git a/src/lxc/lxc-netstat.in b/src/lxc/lxc-netstat.in
index 9d9f767..9f3e9f3 100644
--- a/src/lxc/lxc-netstat.in
+++ b/src/lxc/lxc-netstat.in
@@ -25,7 +25,7 @@ if [ $# -eq  0 ]; then
 	exit 1
 fi
 
-for i in $*; do
+for i in "$@"; do
 	case $i in
 		-h|--help)
 			help; exit 1;;
@@ -37,7 +37,7 @@ for i in $*; do
 done
 
 if [ -z "$exec" ]; then
-    exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec $*
+    exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec "$@"
 fi
 
 if [ -z "$name" ]; then
@@ -72,4 +72,4 @@ if [ -z "$pid" ]; then
 fi
 
 mount --bind /proc/$pid/net /proc/$$/net && \
-    exec netstat $*
+    exec netstat "$@"
diff --git a/src/lxc/lxc-setcap.in b/src/lxc/lxc-setcap.in
index cc719b5..3226769 100644
--- a/src/lxc/lxc-setcap.in
+++ b/src/lxc/lxc-setcap.in
@@ -83,9 +83,9 @@ if [ $? != 0 ]; then
     exit 1
 fi
 
-set -- $(getopt dh $*)
+set -- $(getopt dh "$@")
 
-for i in $*; do
+for i in "$@"; do
     case "$1" in
 	-d)
 	    LXC_DROP_CAPS="yes"
diff --git a/src/lxc/lxc-setuid.in b/src/lxc/lxc-setuid.in
index 86d7d4a..b1bbfff 100644
--- a/src/lxc/lxc-setuid.in
+++ b/src/lxc/lxc-setuid.in
@@ -81,9 +81,9 @@ if [ $? != 0 ]; then
     exit 1
 fi
 
-set -- $(getopt dh $*)
+set -- $(getopt dh "$@")
 
-for i in $*; do
+for i in "$@"; do
     case "$1" in
 	-d)
 	    LXC_DROP_CAPS="yes"
@@ -108,4 +108,4 @@ if [ -z "$LXC_DROP_CAPS" ]; then
     lxc_setuid
 else
     lxc_dropuid
-fi
\ No newline at end of file
+fi
-- 
1.7.1

More information about the lxc-devel mailing list