[pve-devel] [PATCH pve-storage/pve-manager v3 0/4] fix #623: show isos/vztmpl/snippets in subdirs
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Jul 14 13:40:23 CEST 2023
On June 15, 2023 2:03 pm, Noel Ullreich wrote:
> This patch fixes #623, allowing isos/vztmpl/snippets in subdirectories.
> This feature is opt-in and can be set from the API, web interface or
> with `pvesm`.
>
> I addressed the security concerns raised by Fabian, now parent
> directories in the path (i.e. `/my/path/../somewhere/`) are forbidded.
> I have kept the permission to use symlinks, however, if this is a
> security issue, symlinks can easily be forbidden as well. This,
> however, would be a breaking change.
w.r.t. the symlinks:
symlinks are (still) allowed for the files themselves, which is okay.
what is a bit strange is that the "size" of a symlinked iso is that of
the symlink, not of the target, i.e., it depends on the name length
instead of the content size ;)
symlinks are not allowed (or rather, ignored) for the intermediate
components, which I guess would be one of the main use cases for
symlinks in the first place? having to link each file separately seems
tedious..
I tried to think about possible "bad" scenarios with symlinked subdirs,
but all of them are applicable to symlinked files as well and either
- require direct write access to the storage directory hierarchy to
allow the creation of "dangerous" symlinks (not exposed over the API)
- an attacker-controlled host-mounted subvol that is mounted below the
iso/template/.. content dir (which is actually a variant of the above
I guess)
with the size and dir parts addressed, and the small nit I noted inline
with patch #1, consider this
Reviewed-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
unless somebody comes up with a symlink-related attack scenario that
would be exploitable on a regular PVE setup which I missed, of course ;)
> parts of the tests as well as the regex for checking, if a `/../` is in
> the path have been taken and/or adapted from an older patch that was
> never merged:
> https://lists.proxmox.com/pipermail/pve-devel/2020-May/043622.html
>
> This is a complete rework from v1, so I don't see a point in writing
> what the differences are. It's all different.
>
> ----
> changes from v2:
> * rebased so that applying with new structure in pve-storage works
> (/PVE was moved to /src/PVE/)
> * fixed the path of the volid for snippets in Pluggin.pm (thanks @Markus)
>
> Noel Ullreich (4):
>
> pve-storage:
> recursively go through subdirs to find files
> add `subdir-depth` option to filesystems
> update test for recursive subdir search
>
> src/PVE/Storage.pm | 7 +++
> src/PVE/Storage/CIFSPlugin.pm | 1 +
> src/PVE/Storage/CephFSPlugin.pm | 1 +
> src/PVE/Storage/DirPlugin.pm | 1 +
> src/PVE/Storage/GlusterfsPlugin.pm | 1 +
> src/PVE/Storage/NFSPlugin.pm | 1 +
> src/PVE/Storage/Plugin.pm | 63 +++++++++++++++++----------
> src/test/filesystem_path_test.pm | 18 ++++++++
> src/test/list_volumes_test.pm | 68 ++++++++++++++++++++++++++++++
> src/test/parse_volname_test.pm | 40 ++++++++++++++++++
> 10 files changed, 179 insertions(+), 22 deletions(-)
>
> pve-manager:
> www/manager6/storage/Base.js | 11 +++++++++++
> 1 file changed, 11 insertions(+)
> --
> 2.30.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list