From 57029783f938a06223bae58abfdb5f7ddbc2b70c Mon Sep 17 00:00:00 2001
From: Christoph Anton Mitterer
Date: Fri, 25 Nov 2022 02:22:09 +0100
Subject: [PATCH] ssh_filter_btrbk.sh: forbid non-absolute pathnames to --restrict-path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds a function which checks whether a pathname is absolute and rejects and values to the `--restrict-path`-option which are not. The idea here is mostly a safeguard for users to prevent accidentally specified non-absolute pathnames, which would be taken relative to the executing user’s home-directory.

Signed-off-by: Christoph Anton Mitterer
---
 ssh_filter_btrbk.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ssh_filter_btrbk.sh b/ssh_filter_btrbk.sh
index b8ac75e..782f01f 100755
--- a/ssh_filter_btrbk.sh
+++ b/ssh_filter_btrbk.sh
@@ -23,6 +23,21 @@ file_match_sane='/[0-9a-zA-Z_@+./-]*' # matches file path (equal to ${file_match
 file_match="/[^']*" # btrbk >= 0.32.0 quotes file arguments: match all but single quote
 file_arg_match="('${file_match}'|${file_match_sane})" # support btrbk < 0.32.0
+is_pathname_absolute()
+{
+ # Checks whether a string is an absolute pathname (that is: one that is non-
+ # empty and starts with either exactly one or more than two `/`).
+
+ local pathname="$1"
+
+ [ "${pathname}" != '//' ] || return 1
+ [ -n "${pathname##//[!/]*}" ] || return 1
+ [ -z "${pathname##/*}" ] || return 1
+ [ -n "${pathname}" ] || return 1
+
+ return 0
+}
+
 print_normalised_pathname()
 {
 # Normalises a pathname given via the positional parameter #1 as follows:
@@ -155,6 +170,11 @@ while [ "$#" -ge 1 ]; do
 ;;
 -p|--restrict-path)
+ # check whether the pathname is absolute
+ if ! is_pathname_absolute "$2"; then
+ reject_and_die "pathname \"$2\" given to the \"--restrict-path\"-option is not absolute"
+ fi
+
 restrict_path_list="${restrict_path_list}|$(print_normalised_pathname "$2")"
 shift # past argument
 ;;
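Review bot: The last test in is_pathname_absolute, `[ -n "${pathname}" ] || return 1`, can never fire: for an empty `$1` the second test already returns 1, because `${pathname##//[!/]*}` then expands to the empty string. Moving the emptiness test to the top would make the order follow the header comment ("non-empty and starts with …") and let each later line assume a non-empty value. The header comment could also say why exactly two leading slashes are refused, e.g. `# POSIX leaves a pathname that begins with exactly two slashes implementation-defined.`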
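Review bot: In the `-p|--restrict-path)` branch a missing option value is reported as `pathname "" … is not absolute`, because `$2` expands to the empty string when the option is the last word (assuming the script does not run under `set -u`). A separate test ahead of the new `if`, such as `[ "$#" -ge 2 ] || reject_and_die "missing pathname for the \"--restrict-path\"-option"`, would make a truncated command line easier to diagnose. The new check also looks only at the raw argument; whether `..` components in an absolute value are collapsed depends on print_normalised_pathname, whose body is outside this hunk. The enclosing while/case block starts and ends outside the hunk.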