From 43c2dc9318f5733006388563468ba75e39e8d997 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 11 Jan 2024 16:11:53 +0100 Subject: [PATCH] wsdd: Securely parse the workgroup name MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Because of a single variable being passwd with the workgroup, it would have been possible to inject shell commands here. Passing it in the array prevents that. Signed-off-by: Daniel Weismüller --- src/initscripts/packages/wsdd | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd index b07fe3ace2..e4ae3d2989 100644 --- a/src/initscripts/packages/wsdd +++ b/src/initscripts/packages/wsdd @@ -38,18 +38,20 @@ ARGS=( # Only use IPv4 "--ipv4only" + + # Configure the workgroup + "--workgroup" "$(testparm -s --parameter-name workgroup 2>/dev/null)" ) INTERFACES="--interface ${GREEN_DEV}" if [ -n "${BLUE_DEV}" ]; then INTERFACES="${INTERFACES} --interface ${BLUE_DEV}" fi -WSDD_WORKGROUP="--workgroup $(/usr/bin/testparm -s --parameter-name workgroup 2>/dev/null)" case "$1" in start) boot_mesg "Starting wsdd daemon..." - loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES} ${WSDD_WORKGROUP} + loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES} ;; stop) -- 2.39.5