PATCH: 'source environment' param and % token subs for'netbios name'

Nicolas Williams Nicolas.Williams at wdr.com
Sun Jan 30 17:46:53 GMT 2000 

On Fri, 28 Jan 2000, Jeremy Allison wrote:
> Richard Sharpe wrote: 
> 
> > This sort of feature is so important for HA that I am about to commit your 
> > patches to 2.0.7, if Jeremy hasn't already done it. 
> > 
> > If Jeremy doesn't like the patch, he can argue about it. 
> 
> Richard, 
> 
>         Please don't do it *quite* yet. I fully intend to 
> grab it and apply it for 2.0.7 (I emailed Nicolas and 
> told him so), but I want to do some work 
> on the popen() part of it first to make it paranoid and 
> bullet-proof first. I recognised how useful it was for HA 
> work as soon as I looked over it :-). 

Well, yes, popen() is a bit problematic. I wish there were a standard
restricted shell that one could force popen() to use. That said, if one
restricts oneself to source env parameters like this:

	source environment = /etc/smb.conf.sh|

or

	source environment = /etc/smb.conf.sh %$(SOME_ENV_VAR) |

and if one avoids using % tokens whose value is determined by the user
then all should be ok.

Remember also that 'source environment' only does anything when the file
containing it is being included.

So all in all using popen() here should be fairly safe, provided one
does not do stupid things with it...

There is one other caveat though: it is possible to have env vars whose
value would confuse env(1). For example:

% echo $FOO
foo BAR=baz
% echo $BAR

% ( eval echo \$FOO )
foo BAR=baz
% ( eval echo \$BAR )

% 
% export FOO
% env|egrep 'FOO|BAR'
FOO=foo
BAR=baz
% 

This is a limitation of the format of env(1)'s output. Something to keep
in mind.

> Cheers, 
> 
>         Jeremy. 


Nico
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

More information about the samba-technical mailing list