diff --git a/utils/create_image.in b/utils/create_image.in
index 89a9a446719ebbee5632c21ae7da0c29195923de..e146fff0804c8cbff93d81d074ec71ded16e2053 100755
--- a/utils/create_image.in
+++ b/utils/create_image.in
@@ -9,6 +9,7 @@
 use English;
 use Getopt::Std;
 use POSIX qw(setsid);
+use File::Basename;
 
 #
 # Create a disk image.
@@ -203,9 +204,13 @@ my $filename = $imageid_row{'path'};
 my $isglobal = $imageid_row{'global'};
 
 #
-# If a global image, make up a name. Admin person will need to copy image
-# to boss.
+# Throw an error if the image is global; we cannot write images into
+# /usr/testbed/images. In fact, lets check the filename just in case.
 #
+if ($isglobal) {
+ die("*** $0:\n".
+ " Not able to autocreate images that are marked global!\n");
+}
 
 # Untaint. Very silly.
 if ($filename =~ /^([-\w\.\/\+]+)$/) {
@@ -216,6 +221,34 @@ else {
 " Bad filename: $filename!\n");
 }
 
+#
+# Make sure real path is someplace that makes sense; remember that the
+# image is created on the nodes, and it NFS mounts directories on ops.
+# Writing the image to anyplace else is just going to break things.
+#
+# Use realpath to resolve any symlinks.
+#
+my $translated = `realpath $filename`;
+if ($translated =~ /^([-\w\.\/]+)$/) {
+ $filename = $1;
+}
+else {
+ die("*** $0:\n".
+ " Bad data returned by realpath: $translated\n");
+}
+
+#
+# The file must reside in /proj, /groups, or /users. Since this script
+# runs as the caller, regular file permission checks ensure its a file
+# the user is allowed to use.
+#
+if (! ($filename =~ /^\/proj/) &&
+ ! ($filename =~ /^\/groups/) &&
+ ! ($filename =~ /^\/users/)) {
+ die("*** $0:\n".
+ " $filename does not resolve to an allowed directory!\n");
+}
+
 #
 # Be sure to kill off running frisbee. If a node is trying to load that
 # image, well tough.
diff --git a/www/defs.php3.in b/www/defs.php3.in
index 9f27dcdf1b652036dfa650f09c714d687f30a168..44749b81c190f06c3f1188bb2efc6a32b35b2c52 100644
--- a/www/defs.php3.in
+++ b/www/defs.php3.in
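Review bot: In the third hunk, the backtick call `realpath $filename` runs realpath through the shell with the path interpolated and never checks `$?`, so a path beginning with `-` (which the untaint pattern accepts) reaches realpath as an option, and a realpath failure surfaces only as an empty `$translated` that happens to fail the second regex. That second regex, `/^([-\w\.\/]+)$/`, also drops the `+` that the untaint pattern a few lines earlier allows, so an image path containing `+` that passed the first check dies with "Bad data returned by realpath". Running realpath via list-form `open` (with `--` where the local realpath accepts it), checking the exit status, and reusing the same character class closes both gaps; the rewritten lines are below. Separately, `/^\/proj/` and its two siblings are bare prefix matches that also admit paths such as `/projects/...`; anchoring on the separator, `if ($filename !~ m{^/(proj|groups|users)/}) {`, limits the check to the three intended trees.
```perl
# … unchanged: untaint of $filename …
open(my $rp, '-|', 'realpath', '--', $filename)
    or die("*** $0:\n    Could not run realpath: $!\n");
my $translated = <$rp>;
close($rp);
if ($? == 0 && defined($translated) &&
    $translated =~ /^([-\w\.\/\+]+)$/) {
    $filename = $1;
}
else {
    die("*** $0:\n".
        "    Bad data returned by realpath: " .
        (defined($translated) ? $translated : '') . "\n");
}
# … unchanged: allowed-directory check …
```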
@@ -209,6 +209,7 @@ define("SUEXEC_ACTION_CONTINUE", 0);
 define("SUEXEC_ACTION_DIE", 1);
 define("SUEXEC_ACTION_USERERROR", 2);
 define("SUEXEC_ACTION_IGNORE", 3);
+define("SUEXEC_ACTION_DUPDIE", 4);
 
 #
 # An suexec error.
@@ -235,6 +236,10 @@ function SUEXECERROR($action)
 break;
 case SUEXEC_ACTION_IGNORE:
 break;
+case SUEXEC_ACTION_DUPDIE:
+ TBERROR($foo, 0, 1);
+ USERERROR("