From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B26C09282E for ; Tue, 13 Sep 2022 09:38:09 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A06A01E5D1 for ; Tue, 13 Sep 2022 09:37:39 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 13 Sep 2022 09:37:38 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8246C437A8 for ; Tue, 13 Sep 2022 09:37:38 +0200 (CEST) Date: Tue, 13 Sep 2022 09:37:29 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Leo Nunner , Proxmox VE development discussion , Thomas Lamprecht References: <20220912122539.85794-1-l.nunner@proxmox.com> <1662985982.t6rahmo5l4.astroid@nora.none> <49d3280a-3144-1411-3911-1f2138476116@proxmox.com> In-Reply-To: <49d3280a-3144-1411-3911-1f2138476116@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.15.0 (https://github.com/astroidmail/astroid) Message-Id: <1663054348.eenwetkj80.astroid@nora.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.160 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH v2 container] fix #4192: revamp check for systemd version X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Sep 2022 07:38:09 -0000 On September 12, 2022 4:01 pm, Thomas Lamprecht wrote: > Am 12/09/2022 um 14:41 schrieb Fabian Gr=C3=BCnbichler: >>> Instead of iterating through several folders, it might just be easier t= o >>> check the ldd output of /sbin/init and getting the version from there. >>> Furthermore, the regex for checking the version has been adapted so tha= t >>> it's more precise. >> ldd is not suited for this purpose for security reasons, since /sbin/ini= t=20 >> is a user/attacker-controlled binary in this case and we are only in a=20 >> chroot while doing the setup, not really containerized. given a crafted=20 >> container template/backup archive/.. this could execute arbitrary code. >>=20 >> it's manpage suggests using >>=20 >> objdump -p /path/to/binary >>=20 >> and looking at the lines with "NEEDED", which seems to me should be fine= =20 >> for what we want to achieve here =F0=9F=98=84 >>=20 >=20 > tbf, I suggested using something like ldd here, but I mostly meant if we = actually > need to further extend this than simply checking three instead of two pat= hs. >=20 > But I actually like the much shorter code, so from that POV it could be a= nicer > option, but it makes us dependent on actually executing code from the CT = archive, > which also assumes the availability of something like ldd or objdump, whi= ch may > not be the case in all templates? yeah, objdump from the host would need to be used (else we'd be back to=20 square one and execute code from the container template/backup=20 archive/.. without adequate protection). probably needs additional=20 safeguards like resolving /sbin/init from the system with checks to=20 prevent escape from the container /. > Two small nits w.r.t. to the v2 still inline. >=20 > Am 12/09/2022 um 14:25 schrieb Leo Nunner: >> + my $version =3D undef; >> + PVE::Tools::run_command( >> + [ >> + 'ldd', >> + '/sbin/init' >> + ], >=20 > you can put the array ref in one line, e.g., with Fabian relayed manpage > suggestion it'd be fine to do: >=20 > [ 'objdump', '-p', '/sbin/init' ], see above ;) the whole thing would need to be revamped to no longer=20 happen in "protected_call" context, but instead in host context without=20 chroot, except for the symlink resolve part. at that point it might not=20 be nicer anymoe than the original approach of checking a few paths,=20 although it would have the benefit of being much more future-proof=20 w.r.t. distros/upstream/.. deciding on new funny places to put that=20 library ;) >> + outfunc =3D> sub { >> + my $line =3D shift; >> + if ($line =3D~ /^\s*libsystemd-shared-(\d+)(?:\.[a-zA-Z0-9]*)?\.so= /) { >> + $version =3D $1; >> + }}, >> + errmsg =3D> "ldd on /sbin/init failed" >=20 > above is missing a trailing comma, which would ensure that any possible a= ddition of an > option in the future won't need to touch an unrelated line. >=20 >> + ); >> + >> + return $version; >> } >=20 >=20