Project

General

Profile

Bug #721

Exclusion of '/../' should occur earlier during trace creation

Added by Daniel U. Thibault about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Target version:
Start date:
01/17/2014
Due date:
% Done:

100%

Estimated time:

Description

Consider this:

$ lttng create stupid/../stupider
Session stupid/../stupider created.
Traces will be written in /home/daniel/lttng-traces/stupid/../stupider-20140117-140634
$ lttng enable-event -u -a
All UST events are enabled in channel channel0
$ lttng start
Tracing started for session stupid/../stupider
Error: Using '/../' is not permitted in the trace path (/home/daniel/lttng-traces/stupid/..)
Error: Trace directory creation error

Or this:

$ lttng create stupid/../stupider -U net://131.132.32.77
Session stupid/../stupider created.
Traces will be written in net://131.132.32.77
$ lttng enable-event -u -a
All UST events are enabled in channel channel0
$ lttng start
Tracing started for session stupid/../stupider
Error: Relayd add stream replied error 11
Error: Using '/../' is not permitted in the trace path (/home/daniel/lttng-traces/stupid/..)
Error: Trace directory creation error

Clearly in both cases the session name should have been vetted by the trace path validator as soon as lttng create was issued. Note also how, in the second example, the error message makes no sense (it refers to a local path that was not going to be used).

#1

Updated by David Goulet about 6 years ago

  • Status changed from New to Confirmed

Oh! this is actually pretty bad since with the session name being a "path", when we send it to the relayd, we create a tracing path which of course contains the session name but here interpreted as a path....

Fortunately, our trace path validation denies ../ but that could have been quite the security issue here!

#2

Updated by David Goulet about 6 years ago

  • Priority changed from Normal to High
  • Target version set to 2.3
#3

Updated by David Goulet about 6 years ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100
#4

Updated by Daniel U. Thibault about 6 years ago

I tried using \u002f and \x2f in the session name. It seems fine, the characters never get realised as '/'.

Also available in: Atom PDF