Project

General

Profile

Bug #1765

dsk-wz.sh script return false for execpt four command

Added by ahmedkamal almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
08/03/2015
Due date:
% Done:

0%


Description

in the dsk-wz.sh script

case $command in
parted)
executor $command $arguments;
;;
mkfs.*)
executor $command $arguments;
;;
lsblk)
executor $command $arguments;
;;
fdisk)
executor $command $arguments;
;;
*)
# if a command is not one we know, we exit with an error
echo "Sorry, command $command is not known";
exit -1;
;;
esac

so it return false for all other command

dsk-wz.sh View (1.09 KB) ahmedkamal, 08/03/2015 02:23 PM

History

#1 Updated by tmkasun almost 6 years ago

I don't think it is a bug , but an additional safety feature to prevent executing unwanted , or unintended shell commands through the rails library1,You can always add new commands to here and allow it to execute through rails library, there won't be any restriction to that.
And why to have such safety mechanism is , this file(dsk-wz.sh) is created on-the fly(by install script) when the app is installed on the HDA,and it is placed in the elevated. so that it can execute commands with super user permission without asking for password(echo 'Defaults !requiretty' > /etc/sudoers.d/disk_wizard).So to prevent any unwanted actions, we filter out the commands only only allow those command to be executed through the script.

BTW , thta case statement is more compact now

case $command in
parted|mkfs.*|lsblk|fdisk|mount|umount|kill|df|mkdir|blkid|multipath|udevadm|partprobe)
    executor $command $arguments;
;;

[1]: https://github.com/amahi/disk-wizard/blob/master/lib/command_executor.rb#L78

#2 Updated by ahmedkamal almost 6 years ago

  • Status changed from New to Feedback

updated in commit

#3 Updated by ahmedkamal almost 6 years ago

  • Status changed from Feedback to Closed

Also available in: Atom