Bug#1086575: tgt: The example in the manpage for media_home isn't supported by tgt-admin

Fri, 01 Nov 2024 08:45:20 -0700 

Package: tgt
Version: 1:1.0.85-1
Severity: wishlist

Dear Maintainer,

Under in the tgtadm man page under the media_home documentation there
are tgtadm commands to set this a virtual jukebox. However, the first
step, "The dvd starts out without a backing store" isn't supported by
tgt-admin.

I propose a patch that makes this supported. Additionally, I include two
example conf files for a dvd jukebox exactly as per the manpage and a
virtual tape library.

Note that this patch no longer allows shell expansion of variables (and
shell scripts) in the conf file in the areas of the code I've changed.
This might be classed as a regression.  This patch should also fix
#905028.


tgt-admin.patch  - the patch itself
tgt-admin.conf   - a conffile that should be identical to the man page
                   example.
tapechanger.conf - a conffile for a vtl. Commented instructions at the
                   end for how to use it.


Additionally, I would suggest that tgt-admin verifies that all of the
conffiles it reads are owned and only writeable by root. There are
countless shell escape vulnerabilites that would allow anyone with write
access to a conf file to gain root permissions when it starts. (My perl
skills are not sufficient to do this so I have not included a patch but
I've made my best effort to resolve these issues in the areas of the
code I have touched.)

-- System Information:
Debian Release: 12.7
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-26-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tgt depends on:
ii  init-system-helpers        1.65.2
ii  libaio1                    0.3.113-4
ii  libc6                      2.36-9+deb12u8
ii  libconfig-general-perl     2.65-2
ii  libibverbs1                44.0-2
ii  librdmacm1                 44.0-2
ii  libsystemd0                252.30-1~deb12u2
ii  lsb-base                   11.6
ii  sg3-utils                  1.46-3
ii  sysvinit-utils [lsb-base]  3.06-4

tgt recommends no packages.

Versions of packages tgt suggests:
pn  tgt-glusterfs  <none>
pn  tgt-rbd        <none>

-- no debconf information

--- /usr/sbin/tgt-admin.orig    2024-11-01 09:20:29.007424225 +0000
+++ /usr/sbin/tgt-admin 2024-11-01 15:13:29.826332459 +0000
@@ -423,6 +423,7 @@
                }
        }
 
+       $param_value =~ s/'/\\'/g;
        if ($param eq "scsi_id" ||
            $param eq "scsi_sn" ||
            $param eq "vendor_id" ||
@@ -438,10 +439,12 @@
            $param eq "optimal_xfer_gran" ||
            $param eq "optimal_xfer_len" ||
            $param eq "readonly") {
-               return("tgtadm -C $control_port --lld $driver --op update 
--mode logicalunit --tid $next_tid --lun=$lun --params 
$param=\"$param_value\"");
+               return("tgtadm -C $control_port --lld $driver --op update 
--mode logicalunit --tid $next_tid --lun=$lun --params $param='$param_value'");
        }
        if ($param eq "params") {
-               return("tgtadm -C $control_port --lld $driver --op update 
--mode logicalunit --tid $next_tid --lun=$lun --params \"$param_value\"");
+               $param_value =~ s/\${tid}/$next_tid/g;
+               $param_value =~ s/\${lun}/$lun/g;
+               return("tgtadm -C $control_port --lld $driver --op update 
--mode logicalunit --tid $next_tid --lun=$lun --params '$param_value'");
 
        }
 }
@@ -488,7 +491,7 @@
        }
 
        if ($can_alloc == 1 &&
-          ($bstype =~ "glfs" || $bstype =~ "rbd" || (-e $backing_store && ! -d 
$backing_store))) {
+          ($bstype =~ "glfs" || $bstype =~ "rbd" || $backing_store =~ "^NONE:" 
|| (-e $backing_store && ! -d $backing_store))) {
                my @exec_commands;
                my $device_type;
                my $bs_type;
@@ -720,12 +723,20 @@
                        exit 1;
                }
                # Execute commands for a given LUN
-               if (length $device_type) { $device_type = "--device-type 
$device_type" };
-               if (length $bs_type) { $bs_type = "--bstype $bs_type" };
-               if (length $bsopts) { $bsopts = "--bsopts $bsopts" };
-               if (length $bsoflags) { $bsoflags = "--bsoflags $bsoflags" };
-               if (length $block_size) { $block_size = "--blocksize 
$block_size" };
-               execute("tgtadm -C $control_port --lld $driver --op new --mode 
logicalunit --tid $next_tid --lun $lun -b \"$backing_store\" $device_type 
$bs_type $bsopts $bsoflags $block_size");
+               # Escape any single quotes
+               $device_type =~ s/'/\\'/g;
+               $bs_type =~ s/'/\\'/g;
+               $bsopts =~ s/'/\\'/g;
+               $bsoflags =~ s/'/\\'/g;
+               $block_size =~ s/'/\\'/g;
+               $backing_store =~ s/'/\\'/g;
+               if (length $device_type) { $device_type = "--device-type 
'$device_type'" };
+               if (length $bs_type) { $bs_type = "--bstype '$bs_type'" };
+               if (length $bsopts) { $bsopts = "--bsopts '$bsopts'" };
+               if (length $bsoflags) { $bsoflags = "--bsoflags '$bsoflags'" };
+               if (length $block_size) { $block_size = "--blocksize 
'$block_size'" };
+               if ($backing_store =~ "^NONE:") { $backing_store = "" } else { 
$backing_store = "-b '$backing_store'" }
+               execute("tgtadm -C $control_port --lld $driver --op new --mode 
logicalunit --tid $next_tid --lun $lun $backing_store $device_type $bs_type 
$bsopts $bsoflags $block_size");
 
                # Commands should be executed in order
                my @execute_last;

Attachment: tgt-admin.conf
Description: Binary data

Attachment: tapechanger.conf
Description: Binary data

Reply via email to