cinder allows 'env' as commandfilter in rootwrap
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | Fix Released | Medium | Dirk Mueller |
Bug Description
cinder/

```python
def qemu_img_
    """Return a object containing the parsed output from qemu-img info."""
    out, err = utils.execute(
    return QemuImgInfo(out)
```
This was added as part of I849b04b8aae76d
There is nothing wrong with that per se, however the rootwrap filters were updated with:
+ env: CommandFilter, /usr/bin/env, root
env is a wrapper that allows running any command in the $PATH, so this is more or less equivalent to allowing bash in CommandFilter. As a hardening precaution, env should not be allowed in CommandFilter.
The code in question can be easily reworked and EnvFilter can be used instead to harden the check.
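To make the difference concrete, here is an added example (not cinder's or oslo.rootwrap's own code) that models how the two filter types match a command line: a plain CommandFilter compares only the command name, while an EnvFilter pins both the variable names and the program that follows env. The filter lines, the hardened EnvFilter entry and the sample command lines are constructed for illustration.

```python
import os
import shlex

class CommandFilter:
    """Simplified model of a rootwrap CommandFilter (added illustration, not oslo.rootwrap code)."""
    def __init__(self, exec_path, run_as, *args):
        self.exec_path, self.run_as, self.args = exec_path, run_as, list(args)
    def match(self, userargs):
        # Only argv[0] is checked, so "env <anything>" passes when exec_path is /usr/bin/env.
        return bool(userargs) and os.path.basename(self.exec_path) == userargs[0]

class EnvFilter(CommandFilter):
    """Allows "env NAME=VALUE ... cmd" only for the configured variable names and cmd."""
    @staticmethod
    def _env_names(arglist):
        names = set()
        for arg in arglist:                 # leading NAME=VALUE tokens only
            if "=" not in arg:
                break
            names.add(arg.partition("=")[0])
        return names
    def match(self, userargs):
        userargs = list(userargs)
        if userargs and userargs[0] == "env":
            userargs.pop(0)
        if len(userargs) < len(self.args):
            return False
        user_envs, filter_envs = self._env_names(userargs), self._env_names(self.args)
        command = self.args[len(filter_envs)]        # configured program after the variables
        user_cmd = userargs[len(user_envs):len(user_envs) + 1]
        return bool(filter_envs) and user_envs == filter_envs and user_cmd == [command]

def parse_filter(line):
    """Parse one 'name: Class, exec_path, run_as[, args...]' rootwrap filter line."""
    name, _, rest = line.partition(":")
    cls_name, *fields = [f.strip() for f in rest.split(",")]
    return name.strip(), {"CommandFilter": CommandFilter, "EnvFilter": EnvFilter}[cls_name](*fields)

def allowed(filter_line, cmdline):
    """Would a rootwrap using only this filter line run cmdline as root?"""
    return parse_filter(filter_line)[1].match(shlex.split(cmdline))

def weak_env_filters(filter_lines):
    """Audit helper: names of plain CommandFilter entries whose executable is env."""
    return [name for name, flt in map(parse_filter, filter_lines)
            if type(flt) is CommandFilter and os.path.basename(flt.exec_path) == "env"]

# The filter line from the bug report beside a hardened EnvFilter form (constructed here).
WEAK = "env: CommandFilter, /usr/bin/env, root"
HARDENED = "qemu-img: EnvFilter, env, root, LC_ALL=C, LANG=C, qemu-img"
```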
Changed in cinder:
assignee: John Griffith (john-griffith) → Dirk Mueller (dmllr)
status: Triaged → In Progress

Changed in cinder:
milestone: none → icehouse-2
status: Fix Committed → Fix Released

Changed in cinder:
milestone: icehouse-2 → 2014.1
Seems this should be fixed up in other places as well, including the brick/local_dev/lvm.py code.