diff options
author | Pascal Terjan <pterjan@google.com> | 2013-02-01 15:52:48 +0000 |
---|---|---|
committer | Pascal Terjan <pterjan@gmail.com> | 2014-01-19 05:13:33 +0000 |
commit | f9482ff799e8b11c6b05ba6bca24558cd4f7fad2 (patch) | |
tree | a0b4c0d728c7fb06e08cc47f5fc3fa3809059fc0 | |
parent | 1a3aea490feaaae4c7f63418c8b460c2408056a8 (diff) | |
download | iurt-f9482ff799e8b11c6b05ba6bca24558cd4f7fad2.tar iurt-f9482ff799e8b11c6b05ba6bca24558cd4f7fad2.tar.gz iurt-f9482ff799e8b11c6b05ba6bca24558cd4f7fad2.tar.bz2 iurt-f9482ff799e8b11c6b05ba6bca24558cd4f7fad2.tar.xz iurt-f9482ff799e8b11c6b05ba6bca24558cd4f7fad2.zip |
Fix some of the vulnerabilities in iurt_root_command
-rwxr-xr-x | iurt_root_command | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/iurt_root_command b/iurt_root_command index 7abd842..3104062 100755 --- a/iurt_root_command +++ b/iurt_root_command @@ -243,7 +243,6 @@ sub rm { my ($_run, $opt, @files) = @_; my $ok = 1; my $done; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; foreach my $f (@files) { if (-d $f) { @@ -251,7 +250,7 @@ sub rm { plog('WARN', "can't remove directories without the -r option"); $ok = 0; } else { - if ($f =~ m,$unauthorized,) { + if (!check_path_authorized($f)) { plog('FAIL', "removal of $f forbidden"); $ok = 0; } else { @@ -261,7 +260,7 @@ sub rm { } } } else { - if ($f =~ m,/$unauthorized,) { + if (!check_path_authorized($f)) { plog("removal of $f forbidden"); $ok = 0; } else { @@ -271,7 +270,7 @@ sub rm { if ($f =~ /[*?]/) { foreach my $file (glob $f) { - if ($f =~ m,$unauthorized,) { + if (!check_path_authorized($f)) { plog('FAIL', "removal of $f forbidden"); $ok = 0; } else { @@ -297,11 +296,7 @@ sub cp { my $ok = 1; my $done; my $dest = pop @files; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; - if ($dest =~ /$unauthorized/ || $dest eq '/') { - plog('FAIL', "copying to $dest forbidden"); - return; - } + check_path_authorized($dest) or return; foreach my $f (@files) { if (-d $f) { if (!$opt->{recursive}) { @@ -340,11 +335,7 @@ sub cp { sub ln { my ($_run, $_opt, $file1, $file2) = @_; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; - if ($file2 =~ /$unauthorized/ || $file2 eq '/') { - plog('FAIL', "linking to $file2 forbidden"); - return; - } + check_path_authorized($file1) && check_path_authorized($file2) or return; link $file1, $file2; } |