Fix: relayd: hostname check is too restrictive
author Jérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 14 Jan 2020 22:08:13 +0000 (17:08 -0500)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 14 Jan 2020 23:49:57 +0000 (18:49 -0500)
commit 6ec9dc48cf7f3d5e1fc01f741197c0bacc94bbf0
tree 04a69564acc757cc37cbd700a7e775f1e0f86511
parent 8abae9cb6df700eacb3c881746e3cc2d75b1d4df
Fix: relayd: hostname check is too restrictive

The check performed by the relay daemon on hostnames is too
restrictive. Since existing session daemons directly use the hostname
returned by gethostname(), the relay daemon must correctly handle FQDN
hostnames, which may contain dots.

This has been observed on the LTTng CI's RHEL8 nodes which report an
FQDN hostname.

The new function 'is_name_path_safe' is used for both session and host
names. It does not check for every problematic path name (reserved
names on Windows, per-platform illegal characters, etc.). Those
restrictions are assumed to be handled when open() and similar
syscalls fail.

However, the objective of this check is to prevent malicious (or at
least unexpected), but legal, names from being used, namely:
  - names that contain a path separator,
  - empty names,
  - hidden names (starting with a dot).

Ideally, illegal names would be automatically escaped in the future.
This is, however, beyond the scope of this fix.

Fixes #1212

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Ieeb8b60d22c27b390b51ef7fb52cea0d0ac0f188
src/bin/lttng-relayd/session.c
src/common/compat/path.h [new file with mode: 0644]
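
The three rules listed in the commit message, applied to peer-supplied host and session names before they become path components. This is an added example, not the code from this commit: `example_name_is_path_safe` and `example_build_trace_path` are hypothetical names, the `<base>/<hostname>/<session>` layout is an assumption, and only the POSIX `/` separator is handled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the three rules from the commit message. */
static bool example_name_is_path_safe(const char *name)
{
	if (name == NULL || name[0] == '\0')
		return false;	/* empty name */
	if (name[0] == '.')
		return false;	/* hidden name; also covers "." and ".." */
	if (strchr(name, '/') != NULL)
		return false;	/* path separator (POSIX only, assumption) */
	return true;		/* inner dots, as in an FQDN, are accepted */
}

/*
 * Hypothetical helper: write "<base>/<hostname>/<session>" to out only if
 * both components pass the check. Returns 0 on success, -1 if a name is
 * rejected or the result would be truncated.
 */
static int example_build_trace_path(const char *base, const char *hostname,
		const char *session, char *out, size_t out_len)
{
	int ret;

	if (!example_name_is_path_safe(hostname) ||
			!example_name_is_path_safe(session))
		return -1;
	ret = snprintf(out, out_len, "%s/%s/%s", base, hostname, session);
	if (ret < 0 || (size_t) ret >= out_len)
		return -1;	/* never use a truncated path */
	return 0;
}

int main(void)
{
	/* Constructed sample hostnames, not taken from the commit. */
	const char *hosts[] = { "node1.ci.example.org", "", ".hidden", "..", "a/b" };
	char path[256];
	size_t i;

	for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
		int ret = example_build_trace_path("/tmp/traces", hosts[i],
				"my-session", path, sizeof(path));
		printf("%-22s -> %s\n", hosts[i], ret == 0 ? path : "rejected");
	}
	return 0;
}
```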