digint / btrbk

Tool for creating snapshots and remote backups of btrfs subvolumes
https://digint.ch/btrbk/
GNU General Public License v3.0
1.6k stars 117 forks

ssh_filter_btrbk.sh: disallow newlines in the SSH command #514

Closed calestyo closed 1 year ago

calestyo commented 1 year ago

This disallows newline (that is: LF characters) in the SSH command, which could have been exploited for arbitrary code execution, since commit 77a39282de6fdc98cad1270c6b5b6105629d5e5a.

Example:

Since readlink is a generally allowed command, this works with any of ssh_filter_btrbk.sh’s options. But most likely, other commands that are “added” via allow_cmd() can be used, too.

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
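An added illustration of the check this PR describes, not code from btrbk or from the PR itself: it assumes a forced-command filter that validates the command with line-oriented `grep -E`, which is why an embedded LF matters. The allow-list pattern, function names and sample commands are constructed for the example.

```shell
#!/bin/sh
# Added example; not btrbk's ssh_filter_btrbk.sh.
# ALLOW_RE, filter_linewise and filter_strict are hypothetical names.

# Assumed allow-list: one readlink call on an absolute path.
ALLOW_RE='^readlink -v -e /[A-Za-z0-9_./-]+$'

# A single LF character, kept in a variable for use in case patterns.
NL='
'

# Weak form: grep applies ^ and $ to each input line separately, so a
# multi-line command is accepted as soon as any one line matches.
filter_linewise() {
    printf '%s\n' "$1" | grep -E -q -- "$ALLOW_RE"
}

# Hardened form: reject any command containing LF before the pattern
# is consulted, so the anchors cover the whole command.
filter_strict() {
    case "$1" in
        *"$NL"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -E -q -- "$ALLOW_RE"
}

# Constructed sample inputs: a plain command and one with an embedded LF.
SAMPLE_OK='readlink -v -e /mnt/btr_pool'
SAMPLE_LF="readlink -v -e /mnt/btr_pool${NL}echo second-line"

for cmd in "$SAMPLE_OK" "$SAMPLE_LF"; do
    for f in filter_linewise filter_strict; do
        if "$f" "$cmd"; then verdict=accept; else verdict=reject; fi
        printf '%s: %s\n' "$f" "$verdict"
    done
done
```

Neither function executes the command; they only return the accept or reject decision a filter would make on `SSH_ORIGINAL_COMMAND`.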

calestyo commented 1 year ago

git's cleanup had removed my example lines as comments.

digint commented 1 year ago

merged in 36d6ba7d073acf84def76dfcd7600a82cd2e9ce6, thanks!

calestyo commented 1 year ago

Thanks for merging that one... that helps me quite a bit in the bigger branch I'm preparing, which I'll rebase upon this one here.

calestyo commented 1 year ago

Dammit... I've just seen that the commit message of this was again broken... it contains all the comment lines from git... would you want to keep it... or force push?

calestyo commented 1 year ago

That would now be the branch with the same commit as above, just with the right message: https://github.com/calestyo/btrbk/tree/fix-remote-code-execution

calestyo commented 1 year ago

Just tell me if I should make another PR in case you want to rewrite history.