untaint path

author Dietmar Maurer <dietmar@proxmox.com>

Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)
diff --git a/Makefile b/Makefile

index bbea6a90dd5db376dde9fd1ce97d7674e848c003..2ffede487aaca785c7ba2774e6ae2bc97c62ea4b 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ RELEASE=2.1
  
  VERSION=1.0
  PACKAGE=libpve-access-control
-PKGREL=23
+PKGREL=24
  
  DESTDIR=
  PREFIX=/usr
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm

index 7532e9eca0245dd76f11d75dcd3c9c85081c840f..faa4fb2486e8ad5d5896cf862c1afe7da6154c8e 100644 (file)
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -304,6 +304,9 @@ sub check_volume_access {
             if $user ne 'root@pam';
  
         $path = abs_path($volid);
+       if ($path =~ m|^(/.+)$|) {
+           $path = $1; # untaint any path
+       }
      }
      return $path;
  }
diff --git a/changelog.Debian b/changelog.Debian

index 6d442f36d37f2ea77c99951c04a216fe65e81c3c..4517038fce75d8ddcdb493cd57ff56baef0ab1e6 100644 (file)
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,3 +1,9 @@
+libpve-access-control (1.0-24) unstable; urgency=low
+
+  * untaint path (allow root to restore arbitrary paths)
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200
+
  libpve-access-control (1.0-23) unstable; urgency=low
  
    * correctly compute GUI capabilities (consider pools)
author	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 6 Jun 2012 11:06:51 +0000 (13:06 +0200)
Makefile		patch \| blob \| blame \| history
PVE/RPCEnvironment.pm		patch \| blob \| blame \| history
changelog.Debian		patch \| blob \| blame \| history