ssh_filter_btrbk.sh: fix alternation regex
Security vulnerability fixed in alternation regex. Specially crafted
commands may be executed without being properly checked.

Affects all versions >= btrbk-v0.23.0

Regression from:

   ccb5ed5 ssh_filter_btrbk: allow "realpath" and "cat /proc/self/mounts" on targets

Reported by: @protree (responsible disclosure)
digint committed Mar 21, 2021
1 parent adc269a commit 58212de
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ssh_filter_btrbk.sh
Expand Up @@ -86,7 +86,7 @@ reject_filtered_cmd()
return 0
fi

exact_cmd_match="^${allow_exact_list}$";
exact_cmd_match="^(${allow_exact_list})$";
if [[ $SSH_ORIGINAL_COMMAND =~ $exact_cmd_match ]] ; then
return 0
fi
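Review bot: the added parentheses are the right fix, and the same construction should be audited for every other pattern in reject_filtered_cmd() that interpolates a `|`-joined list between `^` and `$`. In an ERE, `^a|b|c$` anchors only the outermost alternatives: the old `exact_cmd_match="^${allow_exact_list}$"` accepted any `$SSH_ORIGINAL_COMMAND` that started with the first entry, ended with the last entry, or merely contained a middle entry as a substring, so a command such as an allowed entry followed by `; id` passed the "exact" check. `^(${allow_exact_list})$` forces each entry to match the whole command. Two smaller points: the trailing `;` on the assignment is redundant in bash, and a regression test that runs a few such crafted commands through the filter would keep this class of bug from returning.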
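The following script illustrates the behaviour the commit message describes, before and after the fix. It is an added example, not code from btrbk or from this commit: the allow-list entries are constructed, `ere_match`, `filter_before` and `filter_after` are hypothetical helper names, and `grep -E` stands in for bash's `[[ $cmd =~ $pattern ]]` because both apply the POSIX ERE dialect to the pattern.

```shell
#!/bin/sh
# Added example (not btrbk code): why "^${list}$" is not "^(${list})$".

# Constructed allow-list in the style of ssh_filter_btrbk.sh's
# allow_exact_list (hypothetical entries, not the project's real list).
allow_exact_list='btrfs subvolume list -a|cat /proc/self/mounts|btrbk --version'

# Pre-fix: ^ binds only to the first alternative, $ only to the last,
# and the middle alternative is anchored on neither side.
pattern_before="^${allow_exact_list}$"
# Post-fix: the group makes ^ and $ apply to every alternative.
pattern_after="^(${allow_exact_list})$"

# ere_match CMD PATTERN: exit 0 if CMD matches PATTERN as a POSIX ERE.
# grep -E uses the same ERE dialect bash applies in [[ $cmd =~ $pattern ]],
# so single-line commands behave as they would in the real filter.
# grep is line-oriented, so a command containing a newline is refused here
# instead of being split into lines; the real filter tests the whole string.
nl="$(printf '\nx')"; nl="${nl%x}"
ere_match() {
    case $1 in
        *"$nl"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq -e "$2"
}

# filter_before CMD / filter_after CMD: print "allow" or "reject".
filter_before() {
    if ere_match "$1" "$pattern_before"; then echo allow; else echo reject; fi
}
filter_after() {
    if ere_match "$1" "$pattern_after"; then echo allow; else echo reject; fi
}

# Demonstration: one exact allowed command, three crafted commands that
# smuggle an allowed string into a larger command line, and a plain denial.
for cmd in \
    'cat /proc/self/mounts' \
    'cat /proc/self/mounts; id' \
    'btrfs subvolume list -a; id' \
    'id; btrbk --version' \
    'id'
do
    printf '%-30s before=%-6s after=%s\n' \
        "$cmd" "$(filter_before "$cmd")" "$(filter_after "$cmd")"
done
```

The three crafted lines are allowed by `pattern_before` for three different reasons: the first entry is anchored only at the start, the middle entry is a bare substring, and the last entry is anchored only at the end. `pattern_after` rejects all three and still allows the exact command, which is the behaviour the one-line change restores.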
