From d6bcf7ff5e97df3195d34269b1b72952b4a00778 Mon Sep 17 00:00:00 2001
From: Giuseppe Di Natale
Date: Mon, 24 Jul 2017 11:53:59 -0700
Subject: Restrict zpool iostat/status -c to search path

zpool iostat/status -c is supposed to be restricted by its search path, but currently isn't. To prevent arbitrary scripts from being executed, disallow '/' from commands.

Reviewed-by: Brian Behlendorf
Reviewed-by: Tony Hutter
Reviewed-by: George Melikov
Reviewed-by: Ned Bass
Signed-off-by: Giuseppe Di Natale
Closes #6353
Closes #6359
---
 cmd/zpool/zpool_iter.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'cmd/zpool/zpool_iter.c')

diff --git a/cmd/zpool/zpool_iter.c b/cmd/zpool/zpool_iter.c
index abb1b1798..e55c2f102 100644
--- a/cmd/zpool/zpool_iter.c
+++ b/cmd/zpool/zpool_iter.c
@@ -565,6 +565,9 @@ vdev_run_cmd_thread(void *cb_cmd_data)
 char *dir = NULL, *sp, *sprest;
 char fullpath[MAXPATHLEN];
 
+ if (strchr(cmd, '/') != NULL)
+ continue;
+
 sp = zpool_get_cmd_search_path();
 if (sp == NULL)
 continue;
--
cgit v1.2.3
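Review bot: The new `strchr(cmd, '/')` guard skips a rejected name with a bare `continue`, so a caller who passes a path gets no indication that the script was refused rather than simply not found in the search path. Since this is the check that keeps `-c` confined to the search path, it deserves a comment saying so, e.g. `/* Names containing '/' would bypass the search path (absolute paths, "../"); only bare script names are allowed. */`. It may also be worth rejecting such names with an error where `-c` is parsed, which is outside this hunk, so the refusal is visible to the user. The body of vdev_run_cmd_thread starts and ends outside the hunk, so how `cmd` is joined with each search-path directory is not visible here.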