Hi,
Has the database structure changed between 5.19 and 5.20 ? We experience a regressions issue and want to try to rollback to 5.19
Xavier
Question
Downgrade from 5.20 to 5.19
Is the regression we encounter linked to this fix ?
Fix command injection vulnerability in exec commands with ${option.name}
Fixed a critical command injection vulnerability in exec commands where shell control characters in job option values were not properly escaped, now protecting against malicious input by applying shell escaping to all ${option.name} values by default while providing a compatibility flag for edge cases.
The command which now fails is :
sudo -s su - ${node.db2RefInstanceUser} -c "'/workdb2/scripts/backup/men_backup.shย ${node.db2RefInstanceUser} ${node.db2RefDatabase} FNET Q'"
ย
Hey Xavier,ย
Could you please specify what specific errors are you seeing and why do you think you need to roll back?
I canโt sayย if it's related to that fix without details on the regression you are seeing so screenshots would be highly appreciated.
Hi Maria,
Our users modified their scripts to properly escape the variables, and the problem was fixed. Some variables were expanded to a null value making scripts fail.
ย
The command which failed is this :
sudo -s su - ${node.db2RefInstanceUser} -c "'/workdb2/scripts/backup/men_backup.sh ${node.db2RefInstanceUser} ${node.db2RefDatabase} FNET Q'"If our user is unable to fix all his scripts, we consider addingย rundeck.feature.exec.quoting.enabled=false ti framework.properties, knowing that is poses security problems.
Downgrading is not anymore considered
Regards,
Xavier
Login to PagerDuty Commons
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.