On Thursday 13 February 2014 13:33:16 Richard W.M. Jones wrote:
On Thu, Feb 13, 2014 at 02:15:31PM +0100, Pino Toscano wrote:
> + let expr = "/files/etc/hosts/*[label() != '#comment']/*[label()
> != 'ipaddr'][. = '" ^ oldhost ^ "']" in
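Review bot: In the expr string, oldhost is concatenated between the single quotes of the [. = '...'] predicate with no escaping, so a value containing a ' character changes the Augeas path expression that gets evaluated. Keep the expression constant, ending at [label() != 'ipaddr'], and compare each matched node's value against oldhost in OCaml instead of inside the expression.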
Quoting? If oldhost contains a ' character + some Augeas code, this
might be exploitable.
Hm right. Gone back to manually checking the values.

I thought it might be possible to iterate over the Augeas tree. I'm
fairly sure I used to have some code that did this, but I can't find
it at the moment.
At least in libguestfs, the two files which do augeas match+iteration
are sysprep/sysprep_operation_user_account.ml (which you mentioned
earlier) and src/inspect-fs-unix.c.
--
Pino Toscano