Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vm/qubesvm: add validator for default_user property

Browse Source 
Don't allow characters potentially interfering with qrexec. To be on the
safe side, allow only alphanumeric characters + very few selected
punctuations.
This commit is contained in:
Marek Marczykowski-Górecki 2017-03-12 01:53:46 +01:00
parent 0f8fab088e
commit da51e6f032
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
qubes/vm/qubesvm.py
View File

@ -30,6 +30,7 @@ import os
import os.path import os.path
import re import re
import shutil import shutil
import string
import subprocess import subprocess
import sys import sys
import time import time
@ -165,6 +166,16 @@ def _setter_positive_int(self, prop, value):
return value return value
def _setter_default_user(self, prop, value):
''' Helper for setting default user '''
value = str(value)
# specifically forbid: ':', ' ', ''', '"'
allowed_chars = string.ascii_letters + string.digits + '_-+,.'
if not all(c in allowed_chars for c in value):
raise qubes.exc.QubesPropertyValueError(self, prop, value,
'Username can contain only those characters: ' + allowed_chars)
return value
class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM): class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
'''Base functionality of Qubes VM shared between all VMs. '''Base functionality of Qubes VM shared between all VMs.
@ -461,6 +472,7 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
default_user = qubes.property('default_user', type=str, default_user = qubes.property('default_user', type=str,
default=(lambda self: self.template.default_user default=(lambda self: self.template.default_user
if hasattr(self, 'template') else 'user'), if hasattr(self, 'template') else 'user'),
setter=_setter_default_user,
ls_width=12, ls_width=12,
doc='FIXME') doc='FIXME')