From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Stoiko Ivanov <s.ivanov@proxmox.com>
Subject: Re: [pve-devel] [PATCH common] run_command: untaint end of buffer
Date: Tue, 22 Jun 2021 16:41:50 +0200 [thread overview]
Message-ID: <5f4ba4d0-8092-0096-5b10-7f02d50fc865@proxmox.com> (raw)
In-Reply-To: <20210622142824.18773-1-s.ivanov@proxmox.com>
On 22.06.21 16:28, Stoiko Ivanov wrote:
> The performance improvements added in
> cb9db10c1a9855cf40ff13e81f9dd97d6a9b2698 changed the output handling
> to not remove the taintedness (see perlsec (1)) of the complete output
> anymore.
>
> This results in a few bugs which show up every now and then, and are
> usually quite tedious to hunt down - usually they only occur when
> run via GUI (since pveproxy/pvedaemon run in taint-mode, whereas our
> CLI utilities usually do not) - see for example pve-storage commit
> 609f117ff24d2cff6b155e1d4b1175ceebe5bd7b
>
> or more recently the report in our community-forum:
> https://forum.proxmox.com/threads/cannot-clone-vm-or-move-disk-with-more-than-13-snapshots.89628/
> (the magic number of 13 snapshots is the point where the output of
> `qemu-img info --output=json` grows to more than 4k)
>
> Given the doubtful security benefit of having to untaint output, only
> if it does not end in new-line or if it is longer than 4k (we read
> the output in 4k chunks) simply untaint the output unconditionally.
>
> Tested with the reproducer from the forum-thread
>
this long message nowhere talks about what the actual issue is, can we rather
fix that in the clone call?
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> Huge thanks to Dominik who pointed me in the right direction, after I
> spend far more time than I'm proud to admit in the JSON::XS source,
> perlsec(1), perlguts(1) and the surprisingly unhelpful output of
> debugperl -Du
>
> src/PVE/Tools.pm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 8946e93..eb140ae 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -516,7 +516,7 @@ sub run_command {
> &$outfunc($line) if $outfunc;
> &$logfunc($line) if $logfunc;
> }
> - $outlog .= $buf;
> + ($outlog) .= ($buf =~ /(.*)/); #untaint
> };
> my $err = $@;
> if ($err) {
> @@ -537,7 +537,7 @@ sub run_command {
> &$errfunc($line) if $errfunc;
> &$logfunc($line) if $logfunc;
> }
> - $errlog .= $buf;
> + ($errlog) .= ($buf =~ /(.*)/); #untaint
> };
> my $err = $@;
> if ($err) {
>
next prev parent reply other threads:[~2021-06-22 14:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-22 14:28 Stoiko Ivanov
2021-06-22 14:41 ` Thomas Lamprecht [this message]
2021-06-22 15:10 ` Stoiko Ivanov
2021-06-22 15:15 ` Thomas Lamprecht
2021-06-22 16:52 ` Stoiko Ivanov
2021-06-23 4:43 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5f4ba4d0-8092-0096-5b10-7f02d50fc865@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.ivanov@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox