mirror of https://github.com/digint/btrbk
btrbk: do not run in perl taint mode by default: remove "perl -T" in hashbang; hardcode $PATH only if taint mode is enabled
While taint mode [1] is a nice feature of perl, e.g. it disallows using variables (such as filenames from the config file) which were not validated in system() commands, it also treats $PATH as insecure (which inherently is, as perl cannot know who messed around with it).

[1] perlsec(1): http://perldoc.perl.org/perlsec.html
[2] perlrun(1): http://perldoc.perl.org/perlrun.html

Note that btrbk still does all taint checks, and can be run in taint mode:
- by executing `perl -T /usr/sbin/btrbk`,
- or by changing the hashbang to: `!#/usr/bin/perl -T`.

pull/204/head
parent 5f867c2347
commit 571dae4428
|
@ -4,6 +4,8 @@ btrbk-current
|
||||||
line option (which is now deprecated).
|
line option (which is now deprecated).
|
||||||
* Add "snapshot" command (close #150).
|
* Add "snapshot" command (close #150).
|
||||||
* Add "--preserve-snapshots" and "--preserve-backups" options.
|
* Add "--preserve-snapshots" and "--preserve-backups" options.
|
||||||
|
* Do not run in "perl taint mode" by default: remove "perl -T" in
|
||||||
|
hashbang; hardcode $PATH only if taint mode is enabled.
|
||||||
* Remove "duration" column from transaction_log/transaction_syslog.
|
* Remove "duration" column from transaction_log/transaction_syslog.
|
||||||
* Bugfix: ssh_filter_btrbk: accept mbuffer command (stream_buffer).
|
* Bugfix: ssh_filter_btrbk: accept mbuffer command (stream_buffer).
|
||||||
* Bugfix: print correct (end-)time in transaction_log.
|
* Bugfix: print correct (end-)time in transaction_log.
|
||||||
|
|
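Review bot: the new ChangeLog entry (the two lines starting `* Do not run in "perl taint mode" by default`) records the mechanism but not the upgrade impact. With `$ENV{PATH}` no longer set unconditionally, the `btrfs` executable is looked up through the caller's PATH, so a cron job or wrapper whose PATH omits /sbin or /usr/sbin can stop finding it after upgrading. Suggest adding a sentence to the entry saying that PATH is now taken from the environment and that `perl -T btrbk` restores the previous behaviour.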
22
btrbk
22
btrbk
|
@ -1,4 +1,4 @@
|
||||||
#!/usr/bin/perl -T
|
#!/usr/bin/perl
|
||||||
#
|
#
|
||||||
# btrbk - Create snapshots and remote backups of btrfs subvolumes
|
# btrbk - Create snapshots and remote backups of btrfs subvolumes
|
||||||
#
|
#
|
||||||
|
@ -3707,10 +3707,22 @@ sub exit_status
|
||||||
|
|
||||||
MAIN:
|
MAIN:
|
||||||
{
|
{
|
||||||
# set PATH instead of using absolute "/sbin/btrfs" (for now), as
|
# NOTE: Since v0.26.0, btrbk does not enable taint mode (perl -T) by
|
||||||
# different distros (and even different versions of btrfs-progs)
|
# default, and does not hardcode $PATH anymore.
|
||||||
# install the "btrfs" executable to different locations.
|
#
|
||||||
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
|
# btrbk still does all taint checks, and can be run in taint mode.
|
||||||
|
# In order to enable taint mode, run `perl -T btrbk`.
|
||||||
|
#
|
||||||
|
# see: perlrun(1), perlsec(1)
|
||||||
|
#
|
||||||
|
my $taint_mode_enabled = eval '${^TAINT}';
|
||||||
|
if($taint_mode_enabled) {
|
||||||
|
# we are running in tainted mode (perl -T), sanitize %ENV
|
||||||
|
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
|
||||||
|
|
||||||
|
# in taint mode, perl needs an untainted $PATH.
|
||||||
|
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
|
||||||
|
}
|
||||||
|
|
||||||
Getopt::Long::Configure qw(gnu_getopt);
|
Getopt::Long::Configure qw(gnu_getopt);
|
||||||
my $start_time = time;
|
my $start_time = time;
|
||||||
|
|
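Review bot: the `if($taint_mode_enabled)` block in MAIN is now the only place where the environment is cleaned, so in the default invocation (no `-T`) child commands inherit the caller's PATH, IFS, CDPATH, ENV and BASH_ENV untouched. The `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}` line could run unconditionally, leaving only the `$ENV{PATH}` assignment inside the branch. The new header comment says "btrbk still does all taint checks"; without `-T` perl does not enforce taintedness, so consider rewording it to say that btrbk's own input validation is unchanged and that callers running as root (cron, sudo) are now responsible for a trusted PATH. Minor: `eval '${^TAINT}'` is a string eval, and if it ever fails it yields undef and the run is silently treated as non-taint; reading `${^TAINT}` directly avoids that.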