[pve-devel] [PATCH] Check only first part of script parameter for executability

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Oct 21 11:05:30 CEST 2021


Hi,

thanks for your effort in contributing to Proxmox VE!

A few things inline

On 21.10.21 10:46, Phillipp Röll wrote:
> When giving a script parameter including arguments to the dump process,
> the full script parameter including the arguments is checked for
> executablility. The following will always abort with a "not executable"
> error:
> 
> vzdump 100 --script "/usr/local/bin/myscript.pl myarg"
> 
> If we split the script argument and check only the first part, the
> check works as expected.

your sign-off is missing here and it doesn't seems like we have a signed
CLA from you or your company here, and to be able to take in a patch you'd
need to send one to <office at proxmox.com>. For details please check:
https://pve.proxmox.com/wiki/Developer_Documentation#Software_License_and_Copyright

> ---
>  PVE/VZDump.pm | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm
> index 88ac11b3..fe1a7f23 100644
> --- a/PVE/VZDump.pm
> +++ b/PVE/VZDump.pm
> @@ -630,7 +630,9 @@ sub run_hook_script {
>      my $script = $opts->{script};
>      return if !$script;
>  
> -    if (!-x $script) {
> +    my @script_args = split /\s+/, $script;

That would break existing configuration that use a script with whitespace in its
path name.

Can you please provide your usecase where the arguments Proxmox VE sets for the
script aren't enough? So that we've a better picture about possible options.

cheers,
Thomas





More information about the pve-devel mailing list