canonical / testflinger

https://testflinger.readthedocs.io/en/latest/
GNU General Public License v3.0

fix(muxpi): Escape/quote partition labels #344

Closed thp-canonical closed 2 months ago

thp-canonical commented 2 months ago

Description

Make sure partition labels are not passed unquoted/unescaped to the shell.

Resolved issues

When a provisioning image contains a partition which has a label that contains special characters interpreted by the shell, these are not properly escaped, leading to issues with mounting and potentially executing unexpected code:

% lsblk -o NAME,LABEL -J /dev/loop35
{
   "blockdevices": [
      {
         "name": "loop35",
         "label": null,
         "children": [
            {
               "name": "loop35p1",
               "label": "; echo Hello"
            }
         ]
      }
   ]
}

That "label" value is returned by _get_part_labels(), and currently passed unescaped to self._run_control() in remote_mount() (this assumes self.mount_point == "/foo"):

self._run_control("sudo mkdir -p {}".format(mount))

For a label of "; echo Hello", or a mount value of "/foo/; echo Hello", this would expand to:

self._run_control("sudo mkdir -p {}".format("/foo/; echo Hello"))

Which would run on the control host:

self._run_control("sudo mkdir -p /foo/; echo Hello")

Example disk image containing an ext4 partition with the label "; echo Hello" (can easily be re-created with gnome-disks by creating a new disk image of 16 MiB, initializing it with a GPT and creating a single ext4 partition with the label "; echo Hello"):

Unnamed (2024-08-26 0823).img.zip

Apart from the special shell characters causing wrong code to be run, even for cases where the partition label contains just spaces (e.g. a partition with the label "My Documents"), this is already an issue.

Documentation

No changes.

Web service API changes

No changes.

Tests

Not tested.
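
The word splitting described in this pull request can be checked offline. The following is an added example, not Testflinger's code and not the patch from this pull request: it builds the mkdir command with and without quoting and tokenises the result the way a POSIX shell would. The function names are hypothetical, MOUNT_POINT = "/foo" follows the description's assumption, and shlex.quote() is used here as one way to quote; the page does not show which method the fix uses.

```python
import shlex

MOUNT_POINT = "/foo"  # assumed, as in the description above


def mkdir_cmd_unquoted(label):
    """Behaviour described above: the label reaches the shell as-is."""
    mount = "{}/{}".format(MOUNT_POINT, label)
    return "sudo mkdir -p {}".format(mount)


def mkdir_cmd_quoted(label):
    """Same command with the whole path quoted into one shell word."""
    mount = "{}/{}".format(MOUNT_POINT, label)
    return "sudo mkdir -p {}".format(shlex.quote(mount))


def shell_words(cmd):
    """Split cmd the way a POSIX shell splits words, keeping operators
    such as ';' as separate tokens (expansions are not modelled)."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def is_single_mkdir(cmd, label):
    """True if cmd is exactly one mkdir whose only operand is the mount path."""
    expected = ["sudo", "mkdir", "-p", "{}/{}".format(MOUNT_POINT, label)]
    try:
        return shell_words(cmd) == expected
    except ValueError:  # unbalanced quote: the shell would not parse it either
        return False


# Constructed sample labels; the first two are the ones from the description.
SAMPLE_LABELS = ["; echo Hello", "My Documents", "it's", "rootfs"]

if __name__ == "__main__":
    for label in SAMPLE_LABELS:
        for build in (mkdir_cmd_unquoted, mkdir_cmd_quoted):
            cmd = build(label)
            print("{!r:16} {:20} ok={} {}".format(
                label, build.__name__, is_single_mkdir(cmd, label), cmd))
```

A check like is_single_mkdir() can serve as a unit-test assertion for any command string built from a partition label before it is handed to the control host.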