authorErich Eckner <git@eckner.net>2017-10-23 09:18:26 +0200
committerErich Eckner <git@eckner.net>2017-10-23 09:18:26 +0200
commit113054018f04cf5e1a942fe2c9c8a066bf1fcf00 (patch)
treede2009c4138558689970b4f6974c0ed07e2d8cb5 /bin
parent5259e9449e479069f3b2cb4a1919b46d189ee847 (diff)
bin/slave-build-connect: improve security
Diffstat (limited to 'bin')
-rwxr-xr-xbin/slave-build-connect7
1 files changed, 6 insertions, 1 deletions
diff --git a/bin/slave-build-connect b/bin/slave-build-connect
index 497c96f..e773256 100755
--- a/bin/slave-build-connect
+++ b/bin/slave-build-connect
@@ -5,7 +5,12 @@
if [ "${SSH_ORIGINAL_COMMAND%% *}" = "get-assignment" ] || \
[ "${SSH_ORIGINAL_COMMAND%% *}" = "return-assignment" ]; then
- slave="$1" /bin/sh -c "${base_dir}/bin/${SSH_ORIGINAL_COMMAND}"
+ export slave="$1"
+ # this is somewhat cumbersome, but we want:
+ # - no expansion of special shell-chars (*,;,\n,&&,~,$HOME)
+ # - splitting of arguments on spaces
+ echo "${SSH_ORIGINAL_COMMAND#* }" | \
+ xargs "${base_dir}/bin/${SSH_ORIGINAL_COMMAND%% *}"
else
>&2 echo "Invalid command: '${SSH_ORIGINAL_COMMAND%% *}'"
exit 42
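Review bot: When the client sends a bare command with no arguments, `${SSH_ORIGINAL_COMMAND#* }` on the added `echo` line finds no space to strip and expands to the whole string, so the target script is run with its own name as its only argument. Stripping the already-validated command name instead leaves an empty argument list in that case: `args="${SSH_ORIGINAL_COMMAND#"${SSH_ORIGINAL_COMMAND%% *}"}"` followed by `printf '%s\n' "${args}" | xargs "${base_dir}/bin/${SSH_ORIGINAL_COMMAND%% *}"`; `printf` also sidesteps `echo` implementations that interpret backslash escapes or a leading `-n`. The added comment should also state that xargs still applies its own quote and backslash parsing to the input, and that client-supplied words beginning with `-` reach the target script as options, so `get-assignment` and `return-assignment` have to validate their arguments themselves. The closing `fi` of this `if` lies outside the hunk.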