[lvm-devel] Re: [PATCH v2] vgimportclone: script to import SAN snapshots and clones
chris procter
chris-procter at talk21.com
Thu May 14 22:36:07 UTC 2009
> > I hate to go on about security, but have you tested that the script does not
> > misbehave even when you give it a PV with the nastiest set of characters you
> > can imagine in it?
>
> I have not personally tested with nasty names but Chris did based on my
> feedback that PV names like the following are technically valid:
> pv_ugly="__\"!@#\$%^&*,()|@||'\\\"__pv1"
>
> Chris contributed the code that symlinks the specified PV to
> $TMP_LVM_SYSTEM_DIR/vgimportX.
>
> But I'll go over it. Are you concerned about security or functionality?
> Or both?
>
> Chris anything to add here?
Only that I've actually tried:
/dev/"__\"!@#\$%^&*,()|@||\\\""
/dev/*
/dev/''* (with trailing space and single quotes)
/dev/$* ^"
(and probably some others I've forgotten) as pv names and it handled them without issue. It only actually uses the pv names while it create symlinks from more sensible names (the $TMP_LVM_SYSTEM_DIR/vgimportX names) which lvm.conf can handle, so functionalitywise I don't see a problem. Securitywise, well I thought using /tmp/lvm/lvm.conf was safe so what do I know.
chris
More information about the lvm-devel
mailing list