Skip to content

Commit

Permalink
mxmount: Use safer version of qx
Browse files Browse the repository at this point in the history
The perl qx operator (`cmd`) calls a shell when cmd contains shell
metacharacters. If our netgroup (accidentally) contains a shell meta
character, unexpected things might happen. Replace by safer code.
  • Loading branch information
donald committed Nov 22, 2018
1 parent 3822b7b commit 846af5b
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion mxmount/mxmount
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ create_exports();

system("exportfs -ra");

sub safe_qx { open my $pipe,'-|',@_; return join('',<$pipe>) }

sub add_data0_if_not_present {
my $allmp = $D{$hostname};

Expand Down Expand Up @@ -89,7 +91,7 @@ sub create_exports {
my $hosts='';
warn "export $mountpoint to $hostspec opts $opts\n";
if (my ($group) = $hostspec=~/^@(.+)/) {
$hosts=`hostconfig --list $group`; # expanded group
$hosts=safe_qx('/usr/sbin/hostconfig','--list',$group); # expanded group
$hosts or warn "group $group is empty\n";
} else {
$hosts=$hostspec; # single host
Expand Down

0 comments on commit 846af5b

Please sign in to comment.