[pve-devel] [PATCH common] run_command: untaint end of buffer

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jun 23 06:43:36 CEST 2021


On 22.06.21 18:52, Stoiko Ivanov wrote:
> On Tue, 22 Jun 2021 17:15:08 +0200
> Thomas Lamprecht <t.lamprecht at proxmox.com> wrote:
> 
>> On 22.06.21 17:10, Stoiko Ivanov wrote:
>>> I had a patch for untainting the individual values in
>>> PVE::Storage::Plugin::volume_size_info but then went with this patch,  
>>
>> I'd rather have that patch, especially for back-porting to stable.
> Makes sense - sent the patch for pve-storage
> 
>> I mean, else we can probably just turn off the taint mode completely, what's the
>> point then.
> I'm always a bit (too) cautious when it comes to turning off 'security'
> related 'features' (even if mostly doubting that taint-mode fits either of
> those 2 categories) - so not sure about disabling it in general
> 
> the taint of some of the run_command output on the other hand was
> introduced as a side-effect with the changes last year afaict, and has

it really wasn't, it gave no guarantees and some callers did not check for
it, some floated up then, if we just blindly untainted anything it just has
no benefit to run under taint mode, especially as we want to move over as much
as possible to run_command anyway.

Rather than just band-aiding it somewhere in the middle with a catch all regex that
*completely* defeats the purpose of the concept of tainting, it can be better to
either just disable or fix the few places where it's actually wrong with a local
decision about how closely we can restrict the untainting, sometimes a match-all is
all it can realistically be there, but not always.

> caused at least 2 glitches since then...
> 

which is really not much, and the whole "fool me once, ..." should make it easier
to spot any remaining one ;-P
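
Added example, not part of the original message and not Proxmox code: a catch-all untaint next to a per-value untaint of the kind discussed above for volume size info. The helper names, the format list and all sample values are hypothetical.

```perl
# Added example; run with: perl -T untaint_demo.pl
# Helper names, the format list and all sample values are hypothetical.
# Without -T nothing is tainted and tainted_in prints 0.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints the constructed samples,
# the way command output would be tainted under -T.
my $TAINT = substr($^X, 0, 0);

# Catch-all: every possible string matches, so nothing is ever rejected.
sub untaint_any {
    my ($v) = @_;
    if ($v =~ m/\A(.*)\z/s) { return $1; }
    return;
}

# Local decision: a size is a plain decimal byte count.
sub untaint_size {
    my ($v) = @_;
    if ($v =~ m/\A([0-9]+)\z/) { return $1; }
    return;
}

# Local decision: a format is one name from a short list (constructed here).
sub untaint_format {
    my ($v) = @_;
    if ($v =~ m/\A(raw|qcow2|vmdk)\z/) { return $1; }
    return;
}

# Constructed fields; the last two are malformed on purpose.
my @samples = (
    [ 'size',   '34359738368' . $TAINT ],
    [ 'format', 'qcow2' . $TAINT ],
    [ 'size',   '1024 trailing text' . $TAINT ],
    [ 'format', "raw\nsecond line" . $TAINT ],
);

for my $s (@samples) {
    my ($kind, $raw) = @$s;
    my $any    = untaint_any($raw);
    my $strict = $kind eq 'size' ? untaint_size($raw) : untaint_format($raw);
    printf "%-6s tainted_in=%d catch_all=%s strict=%s\n",
        $kind, (tainted($raw) ? 1 : 0),
        (defined $any    ? 'accepted' : 'rejected'),
        (defined $strict ? 'accepted' : 'rejected');
}
```

The catch-all accepts all four fields, including the two malformed ones; the per-value checks accept only the first two.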




