Bug 2043479 - execute bit of /usr/share/btrbk/scripts/ssh_filter_btrbk.sh was removed
Summary: execute bit of /usr/share/btrbk/scripts/ssh_filter_btrbk.sh was removed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: btrbk
Version: 35
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Juan Orti
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-21 10:21 UTC by Sjoerd Mullender
Modified: 2022-01-29 06:38 UTC (History)
3 users (show)

Fixed In Version: btrbk-0.31.3-3.fc35
Clone Of:
Environment:
Last Closed: 2022-01-29 06:38:35 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Sjoerd Mullender 2022-01-21 10:21:20 UTC 
Description of problem:
In the latest version of btrbk (0.31.3-1) the execute bits of the scripts in /usr/share/btrbk/scripts were removed as a response to a security issue.
As a result of this, creating remote backups using btrbk using the advertised method of securing the remote command using ssh_filter_btrbk.sh is no longer possible.
My question, how is it safer not being able to create a remote backup vs. a fixed remote execution bug?
In other words, please reinstate the execute bit of this script.

Version-Release number of selected component (if applicable):
btrbk-0.31.3-1

How reproducible:
100%

Steps to Reproduce:
1.create btrbk config, and add a command in your root's .ssh/authorized_keys file.
2.try to use btrbk to remotely copy a backup
3.

Actual results:
ERROR: Failed to fetch subvolume detail for '<hostname>:<directory>'
ERROR: ... Command execution failed (exitcode=126)
ERROR: ... sh: ssh -i /etc/btrbk/ssh/id_rsa root@<hostname> 'readlink -v -e <directory>'
ERROR: ... bash: line 1: /usr/share/btrbk/scripts/ssh_filter_btrbk.sh: Permission denied

Expected results:
No error.

Additional info:
See bugs 1994988 1994989 (I can only read the public parts)
Comment 1 Juan Orti 2022-01-21 11:54:16 UTC 
My bad, I misunderstood the other bug reports. I'll send an update ASAP.
Comment 2 Fedora Update System 2022-01-21 12:10:45 UTC 
FEDORA-2022-c844d2edcc has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-c844d2edcc
Comment 3 Fedora Update System 2022-01-21 12:11:29 UTC 
FEDORA-2022-cf2784607b has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-cf2784607b
Comment 4 Sjoerd Mullender 2022-01-21 12:36:52 UTC 
Thanks for the quick response.
Comment 5 Fedora Update System 2022-01-22 01:21:46 UTC 
FEDORA-2022-cf2784607b has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-cf2784607b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-cf2784607b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2022-01-22 02:08:26 UTC 
FEDORA-2022-c844d2edcc has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c844d2edcc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c844d2edcc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2022-01-29 06:32:35 UTC 
FEDORA-2022-cf2784607b has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2022-01-29 06:38:35 UTC 
FEDORA-2022-c844d2edcc has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.