X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FRPCEnvironment.pm;h=faa4fb2486e8ad5d5896cf862c1afe7da6154c8e;hp=af2eee80e3ce80222595c42a42b238cd528bdbaf;hb=1e15ebe7b535fde0da6205dff7efda781f1aaca9;hpb=1cf154b72fa1c576bdae00b24538c1dbd7c33ba0
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index af2eee8..faa4fb2 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -304,6 +304,9 @@ sub check_volume_access {
 if $user ne 'root@pam';
 $path = abs_path($volid);
+ if ($path =~ m|^(/.+)$|) {
+ $path = $1; # untaint any path
+ }
 }
 return $path;
 }
@@ -820,14 +823,14 @@ sub check_worker {
 # STDOUT,STDERR are redirected to the filename returned by upid_decode
 # NOTE: we simulate running in foreground if ($self->{type} eq 'cli')
 sub fork_worker {
- my ($self, $dtype, $id, $user, $function) = @_;
+ my ($self, $dtype, $id, $user, $function, $background) = @_;
 $dtype = 'unknown' if !defined ($dtype);
 $id = '' if !defined ($id);
 $user = 'root@pve' if !defined ($user);
- my $sync = $self->{type} eq 'cli' ? 1 : 0;
+ my $sync = ($self->{type} eq 'cli' && !$background) ? 1 : 0;
 local $SIG{INT} = local $SIG{QUIT} =
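Review bot: In the check_volume_access hunk, the added `if ($path =~ m|^(/.+)$|)` has no else branch, so when the match fails (for example `abs_path` returning undef, or a resolved path containing a newline) `$path` is returned still tainted or undefined and the failure only surfaces at whatever later call consumes it. Consider failing at this point instead, e.g. `} else { die "unable to untaint volume path\n"; }`, provided callers do not rely on an undef return. The pattern also untaints every absolute path, which appears acceptable only because the visible `if $user ne 'root@pam';` line just above restricts this branch to root; replacing the comment with `# untaint: any absolute path is accepted because only root@pam reaches this branch` would record that assumption. The function starts outside the hunk, so the nature of that guard is inferred from the one visible line.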