#3198 Issue closed: Bug: ReaR should abort as early as possible if rear recover is run outside rescue system

schlomo opened issue at 2024-04-05 16:32:


While working on the #3190 story I noticed that we first apply an update downloaded from $RECOVERY_UPDATE_URL and then check if we are actually in the recovery system 🤕. This could lead to an update getting applied to an original system if somebody accidentally (or maliciously) ran rear recover there.


Proposed Solution

Check very early for recovery mode
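The ordering problem the issue describes, shown as an added example that is not ReaR's own code: the buggy variant performs the side effect (applying the downloaded update) and only then checks for recovery mode, so the check cannot prevent the damage; the fixed variant runs the guard first. The guard here assumes that the rescue system is recognised by a marker file (REAR_RELEASE_MARKER, defaulting to /etc/rear-release, made overridable so the example can be run on an ordinary machine) and that the workflow name is passed in as WORKFLOW; the "apply" step is simulated by creating a file rather than fetching anything from $RECOVERY_UPDATE_URL.

```shell
#!/bin/sh
# Added example, not ReaR's own code. Demonstrates why a recovery-mode
# check must run before any side effect such as applying an update.
# Assumptions: the rescue system is recognised by a marker file (default
# /etc/rear-release, overridable via REAR_RELEASE_MARKER); the workflow
# name is passed as the first argument, the "update" target dir as second.

: "${REAR_RELEASE_MARKER:=/etc/rear-release}"

# Returns 0 only when running inside the rescue system.
in_recovery_system() {
    test -e "$REAR_RELEASE_MARKER"
}

# Guard: only the recover workflow may apply an update, and only inside
# the rescue system. Returns 1 (and prints why) if either condition fails.
recovery_guard() {
    workflow=$1
    if [ "$workflow" != "recover" ]; then
        echo "workflow '$workflow' never applies recovery updates" >&2
        return 1
    fi
    if ! in_recovery_system; then
        echo "'rear recover' run outside the rescue system, aborting" >&2
        return 1
    fi
    return 0
}

# Stand-in for the real update step (download from $RECOVERY_UPDATE_URL
# and unpack over the running system). Here it only creates a marker file
# so the effect is observable and reversible.
apply_update() {
    touch "$2/updated"
}

# Buggy order: the update is applied before the guard runs, so on an
# original system the file is modified even though the function fails.
apply_update_then_check() {
    apply_update "$1" "$2"
    recovery_guard "$1"
}

# Fixed order: the guard runs first; outside the rescue system nothing
# is touched.
check_then_apply_update() {
    recovery_guard "$1" || return 1
    apply_update "$1" "$2"
}

# Stand-alone run: report which environment this shell is in.
if in_recovery_system; then
    echo "marker $REAR_RELEASE_MARKER present: rescue system"
else
    echo "marker $REAR_RELEASE_MARKER absent: original system"
fi
```

Running the buggy variant on a machine without the marker still leaves the "updated" file behind; the fixed variant returns non-zero without creating it, and applies the update only when the workflow is recover and the marker exists.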

jsmeix commented at 2024-04-10 07:06:

init/default/030_update_recovery_system.sh contains

test "$WORKFLOW" != "recover" && return

so I wonder how it could apply an update downloaded
into the original system?

schlomo commented at 2024-04-10 13:09:

Yes, still felt wrong to check so late for recovery mode 🤷

jsmeix commented at 2024-04-10 13:27:

Of course the check for recovery mode was too late,
but I asked because I do not understand your
initial description of this issue, which looks
as if you got the downloaded update applied onto
your original system by 030_update_recovery_system.sh,
i.e. as if I made a severe bug in that script.

FYI about its history:

schlomo commented at 2024-04-10 13:56:

Ah, so I sort of fixed what happened at that old XX to XXX change? Nice.

I didn't have a problem with unplanned system updates, it was more of a thought.

