[pve-devel] problem with my nexenta plugin when start vm with pve-manager, need perl help
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Tue Aug 21 15:17:27 CEST 2012
On 21.08.2012 15:00, Alexandre DERUMIER wrote:
>>> No problem but are there any other cases where we pass parameters to a
>>> system call? We need to regex check them all...
> What was the problem exactly ?
>
>
> I don't see param verification in
> /usr/share/perl5/PVE/Tools.pm
> sub run_command {
> my ($cmd, %param) = @_;
> ....
> $pid = open3($writer, $reader, $error, @$cmd) || die $!;
As long as parts from %param do not come from http there is no problem
;-) Perl wants to protect you from an http result like:
; rm -rf /
which you then pass to the command.
Stefan
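
The taint check discussed in this message, as an added example that is not part of the original post or of PVE's code: `check_volname`, `run_list` and the volume-name pattern are hypothetical, and the script assumes `echo` is available in `/bin` or `/usr/bin`. It shows a regex check untainting a parameter before it reaches a list-form `open3` call.

```perl
#!/usr/bin/perl -T
# Added example: run as `perl -T taint_demo.pl [name ...]`.
use strict;
use warnings;
use IPC::Open3;
use Symbol 'gensym';

# Under -T Perl refuses to exec with an inherited PATH, so pin the environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical validator: accept only names shaped like "vm-100-disk-1".
# Returning the regex capture ($1) is what untaints the value under -T.
sub check_volname {
    my ($raw) = @_;
    return $1 if defined $raw && $raw =~ /\A(vm-\d+-disk-\d+)\z/;
    die "rejected parameter\n";
}

# List-form open3, as in the quoted run_command: each element becomes one
# argv entry and no shell parses it.
sub run_list {
    my (@cmd) = @_;
    my $err = gensym;
    my $pid = open3(my $in, my $out, $err, @cmd);
    close $in;
    my @lines = <$out>;
    waitpid($pid, 0);
    die "command failed\n" if $? != 0;
    return @lines;
}

# Command-line arguments are tainted under -T; the defaults are constructed
# samples (the second is the string from the message above).
my @inputs = @ARGV ? @ARGV : ('vm-100-disk-1', '; rm -rf /');

for my $raw (@inputs) {
    my $name = eval { check_volname($raw) };
    if (!defined $name) {
        print "refused: $@";
        next;
    }
    print "ok: ", run_list('echo', 'volume', $name);
}
```

Passing a command-line argument straight to `run_list` without `check_volname` makes Perl abort with an "Insecure dependency" error under `-T`, which is the protection the message refers to.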