From: Thomas Lamprecht
To: Stoiko Ivanov
Cc: Proxmox VE development discussion
Date: Wed, 23 Jun 2021 06:43:36 +0200
Subject: Re: [pve-devel] [PATCH common] run_command: untaint end of buffer

On 22.06.21 18:52, Stoiko Ivanov wrote:
> On Tue, 22 Jun 2021 17:15:08 +0200
> Thomas Lamprecht wrote:
>
>> On 22.06.21 17:10, Stoiko Ivanov wrote:
>>> I had a patch for untainting the individual values in
>>> PVE::Storage::Plugin::volume_size_info but then went with this patch,
>>
>> I'd rather have that patch, especially for back-porting to stable.
> Makes sense - sent the patch for pve-storage
>
>> I mean, else we can probably just turn off the taint mode completely, what's the
>> point then.
> I'm always a bit (too) cautious when it comes to turning off 'security'
> related 'features' (even if mostly doubting that taint-mode fits either of
> those 2 categories) - so not sure about disabling it in general
>
> the taint of some of the run_command output on the other hand was
> introduced as a side-effect with the changes last year afaict, and has

it really wasn't, it gave no guarantees and some callers did not check for it,
some floated up then, if we just blindly untainted anything it just has no
benefit to run under taint mode, especially as we want to move over as much as
possible to run_command anyway.

Rather than just band-aiding it somewhere in the middle with a catch all regex
that *completely* defeats the purpose of the concept of tainting, it can be
better to either just disable or fix the few places where it's actually wrong
with a local decision about how closely we can restrict the untainting,
sometimes a match-all is all it can realistically be there, but not always.

> caused at least 2 glitches since then...
>

which is really not much, and the whole "fool me once, ..." should make it
easier to spot any remaining one ;-P
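
The contrast drawn in the reply above, between a catch-all untaint regex and a local, restrictive one, as an added Perl example that is not part of the original mail or of the Proxmox code base. The helper names `untaint_any` and `untaint_size` are hypothetical and the sample values are constructed; run it with `perl -T` so that taint mode is active.

```perl
#!/usr/bin/perl
# Added illustration, not Proxmox code. Run as: perl -T example.pl
# Without -T nothing is tainted and every "tainted" column prints "no".
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample: two values as they might come back from an external
# command. Appending a zero-length slice of $^X (tainted under -T) marks
# each value as tainted without changing its content.
my $taint = substr($^X, 0, 0);
my %raw = (
    good => "10737418240" . $taint,
    bad  => "10737418240; unexpected trailing text" . $taint,
);

# Catch-all untaint (hypothetical helper): every input matches, so the
# result is untainted although nothing about it has been checked.
sub untaint_any {
    my ($value) = @_;
    my ($clean) = $value =~ /^(.*)$/s;
    return $clean;
}

# Local untaint for a byte count (hypothetical helper): only ASCII decimal
# digits are accepted, anything else is rejected instead of laundered.
sub untaint_size {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([0-9]+)\z/;
    die "unexpected size value\n" if !defined($clean);
    return $clean;
}

for my $name (sort keys %raw) {
    my $value = $raw{$name};
    printf "%-4s tainted on input: %s\n", $name, tainted($value) ? 'yes' : 'no';

    my $any = untaint_any($value);
    printf "     catch-all: accepted, tainted: %s\n", tainted($any) ? 'yes' : 'no';

    my $strict = eval { untaint_size($value) };
    if (defined $strict) {
        printf "     strict:    accepted, tainted: %s\n", tainted($strict) ? 'yes' : 'no';
    } else {
        print "     strict:    rejected\n";
    }
}
```

Both helpers return untainted data for the well-formed value, but only the strict one refuses the malformed value; the catch-all clears the taint flag on it unchanged.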