From 91fa31c610a8efd726d6cfe3ef586e4f09c320c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Fri, 17 Aug 2018 23:12:56 +0200
Subject: [PATCH 1/5] [mnc] prepare for tainted mode

the plugin name has to be un-tainted, because it's getting executed
---
 script/munin-node-configure | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/script/munin-node-configure b/script/munin-node-configure
index 21b713c95b..cedc9260a3 100755
--- a/script/munin-node-configure
+++ b/script/munin-node-configure
@@ -331,7 +331,15 @@ sub init_snmp
 sub run_plugin
 {
     my ($plugins, $plugin, $mode) = @_;
-    my $name = $plugin->{name};
+
+    # un-taint the plugin name cause it is getting executed
+    my $name;
+    if ($plugin->{name} =~ /^([\w-]+)$/x) {
+        $name = $1;
+    } else {
+        $plugin->log_error("Invalid plugin name '$plugin->{name}'");
+        return;
+    }
     DEBUG("Running '$mode' on $name" );
     my $res = $plugins->{library}->fork_service($name, $mode);
 
@@ -349,10 +357,18 @@ sub run_plugin
 
     # Definitely a bad sign
     if ($plugin_signal) {
         $plugin->log_error("Died with signal $plugin_signal during $mode");
+        if (my @junk = grep !/^#/, @{ $res->{stderr} }) {
+            $plugin->log_error("Junk printed to stderr");
+            DEBUG("Junk printed to stderr: @junk");
+        }
         return;
     } elsif ($plugin_exit) {
         $plugin->log_error("Non-zero exit during $mode ($plugin_exit)");
+        if (my @junk = grep !/^#/, @{ $res->{stderr} }) {
+            $plugin->log_error("Junk printed to stderr");
+            DEBUG("Junk printed to stderr: @junk");
+        }
         return;
     }
 
From be2bc7f3b8a6aafc3ea2bc684d3944c72970f88f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Fri, 17 Aug 2018 15:17:40 +0200
Subject: [PATCH 2/5] [mnc] fix documentation so that --help works

Pod::Usage::pod2usage looks for the pod documentation OPTIONS not GENERAL OPTIONS
---
 script/munin-node-configure | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
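Review bot: The untaint pattern on the new `if` line, `/^([\w-]+)$/x`, could be tighter for a value that is then handed to fork_service for execution: `$` also matches before a trailing newline (harmless here since the newline stays out of `$1`, but `\z` says what is meant), `\w` follows Unicode rather than ASCII rules, and `/x` does nothing in a pattern without whitespace, so I'd write `if ($plugin->{name} =~ /\A([\w-]+)\z/a) {`. The class also admits a name beginning with `-`; whether that can be misread as an option depends on how fork_service builds the command, which is outside the hunk. Because a name that fails the check is now logged and skipped instead of run, it is worth confirming that no shipped plugin name uses a character outside `[\w-]` (a dot, say); failing closed is the right default, and the comment above should record that intent, e.g. `# fail closed: a name outside [\w-] is logged and skipped, never executed`. run_plugin continues beyond this hunk.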
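Review bot: The stderr-junk check is pasted verbatim into both the signal branch and the non-zero-exit branch; a small helper keeps the two in step and lets the `grep` use a block instead of the bare `!/^#/` expression. The check assumes `$res->{stderr}` is always an array reference and that only lines starting exactly with `#` are benign (a line with whitespace before the `#` is reported as junk); neither is confirmable from the hunk, so treat them as questions for fork_service's contract. run_plugin's body continues outside the hunk, so the helper below would go after it at file level.
```perl
    # Definitely a bad sign
    if ($plugin_signal) {
        $plugin->log_error("Died with signal $plugin_signal during $mode");
        _report_stderr_junk($plugin, $res);
        return;
    } elsif ($plugin_exit) {
        $plugin->log_error("Non-zero exit during $mode ($plugin_exit)");
        _report_stderr_junk($plugin, $res);
        return;
    }
    # … unchanged: rest of run_plugin …

# Log any stderr output that is not a '#'-prefixed comment line; the
# full text goes to DEBUG only, as in the original inline version.
sub _report_stderr_junk
{
    my ($plugin, $res) = @_;
    if (my @junk = grep { !/^#/ } @{ $res->{stderr} }) {
        $plugin->log_error("Junk printed to stderr");
        DEBUG("Junk printed to stderr: @junk");
    }
    return;
}
```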
diff --git a/script/munin-node-configure b/script/munin-node-configure
index cedc9260a3..38e633d248 100755
--- a/script/munin-node-configure
+++ b/script/munin-node-configure
@@ -479,7 +479,7 @@ plugins will be printed.
 These can be reviewed or piped directly into a shell
 to install the plugins.
 
-=head1 GENERAL OPTIONS
+=head1 OPTIONS
 
 =over 4
 
@@ -682,13 +682,13 @@ not this works with any particular device, we do not know.
 
 This is munin-node-configure (munin-node) v@@VERSION@@.
 
-=head1 AUTHOR
+=head1 AUTHORS
 
 Copyright (C) 2009-2010 Matthew Boyle
 Copyright (C) 2006 Nicolai Langfeldt
 Copyright (C) 2003-2005 Jimmy Olsen
 
-=head1 LICENSE
+=head1 COPYRIGHT
 
 This is free software; see the source for copying conditions. There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
From 18c2756014634f08399ff207b7eb09a0cc1e6614 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Fri, 17 Aug 2018 23:22:05 +0200
Subject: [PATCH 3/5] enable taint mode for m-n-c and munin-update

---
 script/munin-node-configure | 2 +-
 script/munin-update         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/script/munin-node-configure b/script/munin-node-configure
index 38e633d248..3f59ae82b9 100755
--- a/script/munin-node-configure
+++ b/script/munin-node-configure
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -T
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
diff --git a/script/munin-update b/script/munin-update
index d8c1fe8a0e..ce94df7683 100755
--- a/script/munin-update
+++ b/script/munin-update
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -T
 
 use warnings;
 use strict;
From b328d543cc05adbd339507b1ade8275bd65e5136 Mon Sep 17 00:00:00 2001
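Review bot: `-T` on the `#!` line of munin-node-configure is only honoured when the kernel starts the script through the shebang; `perl munin-node-configure` without `-T` on the command line dies with "Too late for -T", so every wrapper that names the interpreter explicitly must pass it as well (the dev_scripts/run change later in this series does). Under taint mode perl also refuses to `exec`/`system` a child while `$ENV{PATH}` (and `IFS`, `CDPATH`, `ENV`, `BASH_ENV`) are tainted, and it ignores `PERL5LIB`/`PERLLIB`; no hunk in this series assigns `$ENV{PATH}` from a trusted literal, so confirm that the library behind fork_service does, otherwise run_plugin will die with "Insecure $ENV{PATH}" at its first plugin. The same applies to the munin-update hunk below. A comment next to the shebang, `# -T: taint mode; PATH must be set from a literal before any child is executed`, would stop the next reader from removing the flag as noise.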
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Sat, 18 Aug 2018 20:21:40 +0200
Subject: [PATCH 4/5] update dev scripts for running sandbox with taint mode

---
 dev_scripts/install | 2 +-
 dev_scripts/run     | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dev_scripts/install b/dev_scripts/install
index 24729e1c74..42c0d44cb3 100755
--- a/dev_scripts/install
+++ b/dev_scripts/install
@@ -57,7 +57,7 @@ EOF
 
 configure_plugins() {
     banner CONFIGURE PLUGINS
-    munin-node-configure --suggest --shell --families=contrib,auto --remove-also | sh -x
+    dev_scripts/run munin-node-configure --suggest --shell --families=contrib,auto --remove-also | sh -x
 }
 
 configure_node() {
diff --git a/dev_scripts/run b/dev_scripts/run
index 680ebb40ff..1e75ab10dd 100755
--- a/dev_scripts/run
+++ b/dev_scripts/run
@@ -17,10 +17,10 @@ if [ -z "${1:-}" ]; then
     usage
 fi
 
-if command=$(command -v "$1"); then
-    echo "# [dev/run] Found: ${command}"
-    echo "# [dev/run] Command line: " "$@"
-    exec "$@"
+if [ -x "${BASEDIR}/sandbox/bin/$1" ]; then
+    echo "# [dev/run] Found: ${BASEDIR}/sandbox/bin/$1"
+    echo "# [dev/run] Command line: /usr/bin/perl -T -Mlib=${BASEDIR}/sandbox/lib/perl5/ ${BASEDIR}/sandbox/bin/$@"
+    exec /usr/bin/perl -T -Mlib="${BASEDIR}/sandbox/lib/perl5/" "${BASEDIR}/sandbox/bin/$@"
 else
     echo >&2 "Failed to find '$1'"
     exit 1
From 90f4cf24de61b414a9f46b4d1e4c976e24df1e4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Sat, 18 Aug 2018 21:01:09 +0200
Subject: [PATCH 5/5] cleanup un-taint code

---
 script/munin-httpd          |  5 -----
 script/munin-node           |  8 --------
 script/munin-node-configure |  1 -
 script/munin-run            | 15 ---------------
 4 files changed, 29 deletions(-)

diff --git a/script/munin-httpd b/script/munin-httpd
index 401d6b1588..cea95439ba 100755
--- a/script/munin-httpd
+++ b/script/munin-httpd
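Review bot: `dev_scripts/run` on the new configure_plugins line is a path relative to the current working directory, so install now only works when started from the repository root, while the run script itself resolves everything from `${BASEDIR}`. If install defines the same variable (not visible in this hunk), `"${BASEDIR}/dev_scripts/run" munin-node-configure --suggest --shell --families=contrib,auto --remove-also | sh -x` removes that dependency; otherwise a comment noting the cwd assumption would do.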
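Review bot: `"${BASEDIR}/sandbox/bin/$@"` on the new exec line (and in the echo above it) only works because the shell attaches the prefix to the first positional parameter and leaves the remaining ones as separate words; it reads like a quoting bug and a reviewer will trip on it, so I'd make the intent explicit with `script="${BASEDIR}/sandbox/bin/$1"`, `shift`, `exec /usr/bin/perl -T -Mlib="${BASEDIR}/sandbox/lib/perl5/" "$script" "$@"`. The `-Mlib=` is needed because taint mode makes perl ignore PERL5LIB; a comment saying so, `# -T ignores PERL5LIB, so the sandbox lib path has to be passed explicitly`, would keep someone from "fixing" it back to an environment variable. Hardcoding `/usr/bin/perl` instead of the old `command -v` lookup also ties the sandbox to the system interpreter, which is acceptable for a dev script but worth stating.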
@@ -27,9 +27,6 @@ along with this program. If not, see .
 use strict;
 use warnings;
 
-# Trust PERL5LIB from environment
-use lib map { /(.*)/ } split(/:/, ($ENV{PERL5LIB} || ''));
-
 package Munin::Master::Http;
 
 use HTTP::Server::Simple::CGI::PreFork;
@@ -61,7 +58,5 @@ sub handle_request
 
 package main;
 
-$ENV{PATH} = '/usr/bin:/bin';
-
 # start the server on port 4948
 Munin::Master::Http->new(4948)->run(prefork => 1, max_servers => 10);
diff --git a/script/munin-node b/script/munin-node
index 81aab6e03f..2f5ab3da9c 100755
--- a/script/munin-node
+++ b/script/munin-node
@@ -26,9 +26,6 @@
 use strict;
 use warnings;
 
-# Trust PERL5LIB from environment
-use lib map { /(.*)/ } split(/:/, ($ENV{PERL5LIB} || ''));
-
 use Getopt::Long;
 
 use Munin::Common::Defaults;
@@ -92,11 +89,6 @@ sub main
         conf_file => $conffile,
     );
 
-    # Untaint $0 after Munin::Node::Server has had a chance of getting
-    # the original value
-    $0 =~ /([^\/]*)$/;
-    $0 = $1;
-
     return 0;
 }
 
diff --git a/script/munin-node-configure b/script/munin-node-configure
index 3f59ae82b9..0763578516 100755
--- a/script/munin-node-configure
+++ b/script/munin-node-configure
@@ -32,7 +32,6 @@ my $config = Munin::Node::Config->instance();
 my @all_families = qw/auto manual contrib/;
 my @default_families = qw/auto/;
 
-
 sub main
 {
     parse_args();
diff --git a/script/munin-run b/script/munin-run
index d3fc4dbcb2..9ed89701e3 100755
--- a/script/munin-run
+++ b/script/munin-run
@@ -25,9 +25,6 @@
 use strict;
 use warnings;
 
-# Trust PERL5LIB from environment
-use lib map { /(.*)/ } split(/:/, ($ENV{PERL5LIB} || ''));
-
 use Getopt::Long;
 
 use Munin::Common::Defaults;
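Review bot: After the second munin-httpd hunk nothing resets `$ENV{PATH}` before the server starts, and nothing in this series puts munin-httpd under `-T` (patch 3 changes only munin-node-configure and munin-update), so the inherited PATH now reaches any child process the HTTP server or its handlers start. The `'/usr/bin:/bin'` assignment was hardening in its own right rather than taint housekeeping, so I'd keep it, or leave `# PATH is reset in <location>` if it has moved somewhere I can't see. The `use lib … $ENV{PERL5LIB}` removals in the munin-httpd, munin-node and munin-run hunks are consistent with each other; just note that under `-T` perl ignores PERL5LIB entirely, so any deployment that relied on it for module lookup now needs `-Mlib=` or a fixed `use lib` path, as dev_scripts/run does.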
@@ -47,20 +44,8 @@ my $paranoia = 0;
 
 my $config = Munin::Node::Config->instance();
 
-
 sub main
 {
-    # "Clean" environment to disable taint-checking on the environment. We _know_
-    # that the environment is insecure, but we want to let admins shoot themselves
-    # in the foot with it, if they want to.
-    foreach my $key (keys %ENV) {
-        $ENV{$key} =~ /^(.*)$/;
-        $ENV{$key} = $1;
-    }
-
-    $0 =~ /^(.*)$/;
-    $0 = $1;
-
     my ($plugin, $arg) = parse_args();
 
     # Loads the settings from munin-node.conf.
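Review bot: With the `%ENV` loop and the `$0` lines gone, munin-run no longer passes the admin's environment through untainted; if munin-run still runs with `-T` (its shebang is outside the hunk, but the deleted comment only makes sense under taint mode) the first `system`/`exec` of a plugin will die with "Insecure $ENV{PATH}" unless `$ENV{PATH}` is assigned from a trusted literal elsewhere, and plugins stop seeing the rest of the environment. That is a behavioural change for admins rather than cleanup, so the commit message should say so or point at where the environment is now sanitised; if munin-run is not tainted, a comment at the top of main such as `# not run with -T; no untainting of %ENV or $0 is needed here` would stop the code from being re-added. The same question applies to the `$0` untaint removed from munin-node in this patch. main continues past the end of the hunk.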