On Mon, Feb 09, 2015 at 11:06:19AM +0000, Margaret Lewicka wrote:
* Workaround for linux-specific fuser -v
* Workaround for linux-specific fusermount
---
fuse/guestunmount.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/fuse/guestunmount.c b/fuse/guestunmount.c
index 3df481b..2190ba0 100644
--- a/fuse/guestunmount.c
+++ b/fuse/guestunmount.c
@@ -257,7 +257,12 @@ do_fusermount (const char *mountpoint, char **error_rtn)
/* We have to parse error messages from fusermount, so ... */
setenv ("LC_ALL", "C", 1);
+#ifdef __linux__
execlp ("fusermount", "fusermount", "-u", mountpoint,
NULL);
+#else
+ /* use umount where fusermount is not available */
+ execlp ("umount", "umount", mountpoint, NULL);
+#endif
perror ("exec");
_exit (EXIT_FAILURE);
}
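Review bot: The comment above `setenv` says the error messages from fusermount are parsed, but the `#else` branch runs `umount`, whose error text may not match what that parsing expects. The code that reads the output is outside the hunk, so it should be checked there, and the new branch could carry `/* NOTE: umount's error text may differ from fusermount's; confirm the parsing handles both */`. Separately, `mountpoint` is passed as a bare argument, so a value beginning with `-` would be read by `umount` as an option; where the platform's `umount` accepts it, `execlp ("umount", "umount", "--", mountpoint, NULL);` avoids that. Gating on `__linux__` also assumes every non-Linux system lacks fusermount, which a configure-time check for the program would settle more precisely. The body of do_fusermount starts outside the hunk.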
@@ -334,7 +339,19 @@ do_fuser (const char *mountpoint)
}
if (pid == 0) { /* Child - run /sbin/fuser. */
+#ifdef __linux__
execlp ("/sbin/fuser", "fuser", "-v", "-m",
mountpoint, NULL);
+#else
+ /* BSD and Mac OS X versions of fuser do not have the -v option */
+ const char *cmd_prefix = "/bin/ps -p \"$(fuser -c ";
+ const char *cmd_suffix = " 2>/dev/null)\" -o user,pid,comm
2>/dev/null";
+ char *cmd = malloc (strlen(cmd_prefix) + strlen(mountpoint) + strlen(cmd_suffix) +
1);
+ if (cmd) {
+ sprintf (cmd, "%s%s%s", cmd_prefix, mountpoint, cmd_suffix);
+ execlp ("/bin/sh", "sh", "-c", cmd, NULL);
This is vulnerable to shell metacharacters in the user-supplied
"mountpoint" string. I don't know if it is a security exploit in
the context of libguestfs alone, but it could cause problems when
considering apps that use libguestfs. Any use of shell should really
be avoided when dealing with user-supplied input.
Regards,
Daniel