http://bugzilla.opensuse.org/show_bug.cgi?id=910500

Shad Sterling <me@shadsterling.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED
                 CC|                            |me@shadsterling.com,
                   |                            |nfbrown@suse.com
              Flags|                            |needinfo?(nfbrown@suse.com)
           Severity|Normal                      |Critical

--- Comment #5 from Shad Sterling <me@shadsterling.com> ---
I think I'm having the same problem, with a different error message:

/var/lib/mdcheck/.md-check-29228: line 5: syntax error near unexpected token `('
/var/lib/mdcheck/.md-check-29228: line 5: `MD_NAME=adumbrate:Backups (mirror set)'

In my case, the problem is that mdadm --detail --export does not shell-escape its output. The error is triggered by lines 90 and 91 of /usr/share/mdadm/mdcheck :

    mdadm --detail --export "$dev" > $tmp || continue
    source $tmp

Where "$tmp" in this case was set to "/var/lib/mdcheck/.md-check-29228" on line 68.

The value of MD_NAME includes characters that must be escaped to appear in a string. In my case, it syntax errors on the parenthesis; in grant's case it tries to redirect stdin from a nonexistent file (it may also have created a file named ":nas03").

It looks like this bug makes it possible to execute arbitrary shell commands as root by including them in an MD_NAME, for example
MD_NAME=; rm -rf /

tosiara's error looks like a different problem.

I have mdadm-3.3.1-5.3.1.x86_64 on openSUSE 13.2 (Harlequin) (x86_64)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
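
Added example, not part of the original comment and not code from mdcheck or mdadm: one way to read the KEY=value output of mdadm --detail --export as data instead of passing the file to source, so that characters such as "(" or ";" in MD_NAME are never evaluated by the shell. The function names md_export_get and write_sample and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: treat `mdadm --detail --export` output as data, never as code.

# md_export_get FILE KEY
# Prints the raw value of KEY from a KEY=value file without evaluating anything.
# Returns 0 if found, 1 if absent, 2 if KEY is not an MD_* style name.
md_export_get() {
    case $2 in
        MD_*) ;;
        *) return 2 ;;
    esac
    case $2 in
        *[!A-Z0-9_]*) return 2 ;;
    esac
    while IFS= read -r _line || [ -n "$_line" ]; do
        _key=${_line%%=*}
        [ "$_key" = "$_line" ] && continue      # no '=' on this line, skip it
        if [ "$_key" = "$2" ]; then
            printf '%s\n' "${_line#*=}"          # everything after the first '='
            return 0
        fi
    done < "$1"
    return 1
}

# write_sample FILE NAME
# Constructed stand-in for the file mdcheck fills from mdadm (not real output).
write_sample() {
    printf 'MD_LEVEL=raid1\nMD_DEVICES=2\nMD_NAME=%s\n' "$2" > "$1"
}

# Demo: the array name from the report, then a constructed name containing ';'.
demo_tmp=$(mktemp) || exit 1
for demo_name in 'adumbrate:Backups (mirror set)' 'x; echo INJECTED'; do
    write_sample "$demo_tmp" "$demo_name"
    if demo_value=$(md_export_get "$demo_tmp" MD_NAME); then
        printf 'MD_NAME is the literal string: %s\n' "$demo_value"
    fi
done
rm -f "$demo_tmp"
```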