proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-07 15:31:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

untaint path

Browse Source
This commit is contained in:
Dietmar Maurer 2012-06-06 13:06:51 +02:00
parent 437be042c2
commit 1e15ebe7b5
3 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -2,7 +2,7 @@ RELEASE=2.1
VERSION=1.0 VERSION=1.0
PACKAGE=libpve-access-control PACKAGE=libpve-access-control
PKGREL=23 PKGREL=24
DESTDIR= DESTDIR=
PREFIX=/usr PREFIX=/usr

3
PVE/RPCEnvironment.pm
View File

@ -304,6 +304,9 @@ sub check_volume_access {
if $user ne 'root@pam'; if $user ne 'root@pam';
$path = abs_path($volid); $path = abs_path($volid);
if ($path =~ m|^(/.+)$|) {
$path = $1; # untaint any path
}
} }
return $path; return $path;
} }

6
changelog.Debian
View File

@ -1,3 +1,9 @@
libpve-access-control (1.0-24) unstable; urgency=low
* untaint path (allow root to restore arbitrary paths)
-- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
libpve-access-control (1.0-23) unstable; urgency=low libpve-access-control (1.0-23) unstable; urgency=low
* correctly compute GUI capabilities (consider pools) * correctly compute GUI capabilities (consider pools)