Enhance allowed script dir to not allow relative pathnames.

When users start using releative pathnames it becomes hard to determine if a path is within a certain allowed path setting without reverting to more drastic measures. So we just don't allow relative pathnames for scripts when using the allowed script dir feature.
bareos · Feb 17, 2015 · fdb3e78 · fdb3e78
1 parent cb29a92
commit fdb3e78
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/lib/runscript.c b/src/lib/runscript.c
@@ -114,6 +114,16 @@ static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowe
       *bp = '\0';
    }
 
+   /*
+    * Make sure there are no relative path elements in script dir by which the
+    * user tries to escape the allowed dir checking. For scripts we only allow
+    * absolute paths.
+    */
+   if (strstr(script_dir.c_str(), "..")) {
+      Dmsg1(200, "script_dir_allowed: relative pathnames not allowed: %s\n", script_dir.c_str());
+      return false;
+   }
+
    /*
     * Match the path the script is in against the list of allowed script directories.
     */
@@ -124,6 +134,9 @@ static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowe
       }
    }
 
+   Dmsg2(200, "script_dir_allowed: script %s %s allowed by Allowed Script Dir setting",
+         script->command, (allowed) ? "" : "NOT");
+
    return allowed;
 }