[pdm-devel] applied: [PATCH proxmox v2] rrd: update_value: restrict archive file path
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Nov 27 14:22:50 CET 2025
On Thu, 20 Nov 2025 12:00:33 +0100, Lukas Wagner wrote:
> The `rel_path` parameter is used as a relative path inside the `rrdb`
> base directory to build the final path for the archive file. Usually,
> this is something like 'node/localhost/cpu_avg1'. For PBS, this is fine,
> since these paths are hardcoded or derived from safe datastore names. In
> PDM however, these paths are built from potentially 'untrusted' (as in,
> one could 'pretend' to be a PBS/PVE remote and send malicious data)
> metric data points - so we should have additional safeguards in place
> to disallow potentially dangerous paths like '../abc' which would escape
> the base directory.
>
> [...]
Applied, thanks!
[1/1] rrd: update_value: restrict archive file path
commit: 948b0f0f3b66656cb4e5e9d00e7a2bc8ce9fc0ea
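
The kind of restriction the commit message describes, as an added example; it is not the applied patch and not code from the proxmox repository. The function name `safe_archive_path` and the base directory used in `main` are hypothetical, and the sample paths are constructed.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper: join an untrusted relative path onto a base
/// directory, refusing anything that could resolve outside of it.
/// This is a purely lexical check; it does not resolve symlinks.
fn safe_archive_path(base: &Path, rel_path: &str) -> Result<PathBuf, String> {
    if rel_path.is_empty() {
        return Err("empty relative path".to_string());
    }
    if rel_path.contains('\0') {
        return Err("NUL byte in relative path".to_string());
    }
    let mut out = base.to_path_buf();
    for comp in Path::new(rel_path).components() {
        match comp {
            // Plain file or directory names are the only accepted components.
            Component::Normal(part) => out.push(part),
            // ParentDir ('..'), RootDir (absolute path), a leading CurDir
            // ('.') and Windows prefixes are rejected, not normalized away.
            other => {
                return Err(format!(
                    "disallowed component {:?} in {:?}",
                    other, rel_path
                ))
            }
        }
    }
    Ok(out)
}

fn main() {
    // Constructed base directory and inputs, for illustration only.
    let base = Path::new("/var/lib/example/rrdb");
    for rel in ["node/localhost/cpu_avg1", "../abc", "/etc/passwd", ""] {
        match safe_archive_path(base, rel) {
            Ok(p) => println!("accept {:?} -> {}", rel, p.display()),
            Err(e) => println!("reject {:?}: {}", rel, e),
        }
    }
}
```

Rejecting `..` outright, instead of normalizing and then checking the prefix, keeps the check independent of what exists on disk when it runs.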