From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id F32D577011 for ; Thu, 21 Oct 2021 10:47:48 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E6A1F1AF47 for ; Thu, 21 Oct 2021 10:47:18 +0200 (CEST) Received: from mx-out.trafficplex.de (mx-out.trafficplex.de [IPv6:2a00:f48:2000:affe:1337:2:0:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5AC611AF3E for ; Thu, 21 Oct 2021 10:47:18 +0200 (CEST) From: =?UTF-8?q?Phillipp=20R=C3=B6ll?= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lima-city.de; s=managedbylima-20161105; t=1634806025; bh=b8f8Jm63IQJYtDcxyJhYzQhc5Qb9/c7kCpo8C4ByiXM=; h=From:To:Subject:Date:From; b=cyS26xWdJyStwqpXRXRDyiwY2F7Xydu3cs9w2UpTrKsfRoqH/0p1mzh3RfR4mV0Ff Ykpr34pYXVTMkpV3VCde3bGWHvHcv5o2/fWifTA4q31mU7G3prujBaPi2VR/8tJHtk VpZryvcqWA4vI90FNrsss5DvsoeUcsHovopKR7k4= To: pve-devel@lists.proxmox.com Date: Thu, 21 Oct 2021 10:46:50 +0200 Message-Id: <20211021084650.26753-1-pr@lima-city.de> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH] Check only first part of script parameter for executability X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Oct 2021 08:47:49 -0000 When giving a script parameter including arguments to the dump process, the full script parameter including the arguments is checked for executablility. The following will always abort with a "not executable" error: vzdump 100 --script "/usr/local/bin/myscript.pl myarg" If we split the script argument and check only the first part, the check works as expected. --- PVE/VZDump.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm index 88ac11b3..fe1a7f23 100644 --- a/PVE/VZDump.pm +++ b/PVE/VZDump.pm @@ -630,7 +630,9 @@ sub run_hook_script { my $script = $opts->{script}; return if !$script; - if (!-x $script) { + my @script_args = split /\s+/, $script; + + if (!-x $script_args[0]) { die "The hook script '$script' is not executable.\n"; } -- 2.33.0