From d6bcf7ff5e97df3195d34269b1b72952b4a00778 Mon Sep 17 00:00:00 2001
From: Giuseppe Di Natale <dinatale2@users.noreply.github.com>
Date: Mon, 24 Jul 2017 11:53:59 -0700
Subject: Restrict zpool iostat/status -c to search path

zpool iostat/status -c is supposed to be restricted
by its search path, but currently isn't. To prevent
arbitrary scripts from being executed, disallow '/'
from commands.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Closes #6353
Closes #6359
---
 man/man8/zpool.8 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'man/man8/zpool.8')

diff --git a/man/man8/zpool.8 b/man/man8/zpool.8
index 78a6542d7..02853342c 100644
--- a/man/man8/zpool.8
+++ b/man/man8/zpool.8
@@ -1464,7 +1464,8 @@ output. Users can run any script found in their
 .Pa ~/.zpool.d
 directory or from the system
 .Pa /etc/zfs/zpool.d
-directory. The default search path can be overridden by setting the
+directory. Script names containing the slash (/) character are not allowed.
+The default search path can be overridden by setting the
 ZPOOL_SCRIPTS_PATH environment variable. A privileged user can run
 .Fl c
 if they have the ZPOOL_SCRIPTS_AS_ROOT
-- 
cgit v1.2.3