[pve-devel] problem with my nexenta plugin when start vm with pve-manager, need perl help

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Aug 21 15:17:27 CEST 2012


On 21.08.2012 15:00, Alexandre DERUMIER wrote:
>>> No problem but are there any other cases where we pass parameters to a
>>> system call? We need to regex check them all...
> What was the problem exactly ?
>
>
> I don't see param verification in
> /usr/share/perl5/PVE/Tools.pm
> sub run_command {
>      my ($cmd, %param) = @_;
>     ....
>   $pid = open3($writer, $reader, $error, @$cmd) || die $!;

As long as parts from %param do not come from HTTP there is no problem
;-) Perl wants to protect you from an HTTP result like:
; rm -rf /

which you then pass to the command.

Stefan
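
The regex check discussed in this thread, as an added example that is not part of the original post or of the PVE code base. It assumes the protection Stefan refers to is Perl's taint mode (`-T`); the `untaint_volname` helper, its pattern and the sample values are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output ordered with the child's output

# perlsec: under -T the environment must be cleaned before running commands.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Zero-length tainted string. Appending it taints a constructed sample,
# standing in for a value that arrived in an HTTP request.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical validator: accept only a plain volume-style name and return
# the regex capture, which Perl treats as untainted. Returns undef otherwise.
sub untaint_volname {
    my ($v) = @_;
    return $v =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed inputs: one well-formed name and the string from the post.
for my $raw ('vm-100-disk-1', '; rm -rf /') {
    my $input = $raw . $TAINT;
    printf "%-16s tainted=%d\n", "'$raw'", tainted($input) ? 1 : 0;

    # Even in list form (no shell), taint mode refuses tainted arguments
    # and dies with "Insecure dependency in system ...".
    my $ok = eval { system('echo', 'unchecked:', $input); 1 };
    print "  unchecked call refused: $@" unless $ok;

    # Only a value that passed the regex check reaches the command.
    my $clean = untaint_volname($input);
    if (defined $clean) {
        system('echo', 'checked:', $clean) == 0
            or die "echo failed: $?";
    }
    else {
        print "  rejected by regex check\n";
    }
}
```

The unchecked call is refused for both inputs because taint mode tracks where data came from, not what it contains; the regex capture is the point where the program asserts the value is safe.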


