Comments (11)
I assume your problem is on the 'zpool import' call. That's where I'm seeing the problem. I don't think you're doing anything wrong. I think, after a couple of experiments, that 'zpool import' returns 1 if there are no pools to import. I'm looking into it.
from zfs-toolbox.
Yes, it was on the 'zpool import'. I believe I was also seeing the zpool usage message, though, which makes me think it is more than just an unexpected return code.
from zfs-toolbox.
Yes, I saw that too. For some reason, it doesn't seem to like the split array. I think I may have worked it all out this morning, although I didn't have time to test and what-not, so I'll fix this tonight.
from zfs-toolbox.
Fix: Pass absolute paths for 'zpool' and 'zfs' commands, use shell=False.
from zfs-toolbox.
It seems that this has the unfortunate consequence that now the "|" command does not work. I'm pretty sure you can pass "|" into check_output only if shell=False. I'm getting this failure on the zfs send ... | zfs receive ...
from zfs-toolbox.
I assume you mean "you can pipe only if shell=True"?
I suspected this would happen. Not running in the shell anymore means we can't just pipe as if we were in the shell. Probably need shell=True for these commands that want to pipe, or pipe through python (which is going to be kind of gross, but probably the better solution in this case).
This feels like a separate bug to me.
from zfs-toolbox.
Attempted a fix in e76243f. Untested.
from zfs-toolbox.
I haven't tested yet either. I'll look at it tonight.
There's a separate problem with shell=True, by the way. Namely, if any part of the command is untrusted, then we have a vulnerability, especially since this thing is being run as root. If we don't trust the input (and I don't think we should trust the pool names, for example), then the input can execute arbitrary code in the shell, for example by using backticks. In summary, I don't think using shell=True is a good idea anyway.
from zfs-toolbox.
Correct. If the configuration file is writable by an unprivileged user,
this results in a local privilege escalation vulnerability.
On Wed, Jul 11, 2012 at 10:06 AM, Joel Weinberger <
[email protected]
wrote:
I haven't tested yet either. I'll look at it tonight.
There's a separate problem with shell=True, by the way. Namely, if any
part of the command is untrusted, then we have a vulnerability, especially
since this thing is being run as root. If we don't trust the input (and I
don't think we should trust the pool names, for example), then the input
can execute arbitrary code in the shell, for example by using backticks. In
summary, I don't think using shell=True is a good idea anyway.
Reply to this email directly or view it on GitHub:
https://github.com/mfinifter/zfs-auto-backup/issues/3#issuecomment-6912912
from zfs-toolbox.
Succinctly said!
On Wed, Jul 11, 2012 at 10:09 AM, Matthew Finifter <
[email protected]
wrote:
Correct. If the configuration file is writable by an unprivileged user,
this results in a local privilege escalation vulnerability.On Wed, Jul 11, 2012 at 10:06 AM, Joel Weinberger <
[email protected]wrote:
I haven't tested yet either. I'll look at it tonight.
There's a separate problem with shell=True, by the way. Namely, if any
part of the command is untrusted, then we have a vulnerability,
especially
since this thing is being run as root. If we don't trust the input (and I
don't think we should trust the pool names, for example), then the input
can execute arbitrary code in the shell, for example by using backticks.
In
summary, I don't think using shell=True is a good idea anyway.
Reply to this email directly or view it on GitHub:
https://github.com/mfinifter/zfs-auto-backup/issues/3#issuecomment-6912912
Reply to this email directly or view it on GitHub:
https://github.com/mfinifter/zfs-auto-backup/issues/3#issuecomment-6912982
from zfs-toolbox.
After a bit of testing, this seems to be fixed. I think we can go ahead and call this one solved!
from zfs-toolbox.
Related Issues (19)
- Externalize configuration HOT 2
- Python bindings for libzfs HOT 1
- Script will have problems when zfs-auto-snapshot deletes snapshots HOT 7
- Install script HOT 1
- Support datasets that have a space in their name HOT 1
- Create a "zfs-toolbox" script HOT 2
- Dry run of zfs-auto-backup on non-incremental gives erroneous errors
- create documentation for zfs-toolbox HOT 1
- Create --after and/or --range options for zfs-delete-snapshots HOT 3
- Update --verbose on zfs-auto-backup HOT 1
- zfs-rollback script HOT 1
- Enhance logging
- zfs-auto-snapshot is creating snapshots on my backup pool HOT 6
- Disable auto-snapshot of backup pool at zfs-auto-backup install time
- Support many-to-many relationship between local pools and backup pools HOT 1
- Backup only a subset of datasets, rather than entire pools HOT 3
- Move configuration into dataset properties HOT 1
- Script does not recover from failed/crashed backups HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zfs-toolbox.