White list external resources
Bug #1832387 reported by Chris Sanders
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
hw-health-charm | Fix Released | High | Alvaro Uria |
Bug Description
The 3rd party resources that are user provided get installed in /usr/local/bin which presents the ability for any user with attach-resource to put arbitrary files on the system for root to run.
To mitigate this, a white list needs to be included for resource installation and only resources with a hash that matches the approved white list will be installed. Specifically sha256 has been requested by an end user security team.
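The check requested above, as an added example that is not the charm's own code: the uploaded resource is hashed while it is copied to a private temporary file, and that copy is renamed into place only if its SHA-256 is on the allowlist. The function name, the exception and the allowlist structure (tool name mapped to a set of hex digests) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class ResourceRejected(Exception):
    """Raised when a resource has no approved SHA-256 digest."""


def install_if_allowed(src_path, dest_dir, name, allowlist):
    """Install src_path as dest_dir/name (e.g. /usr/local/bin) if approved."""
    approved = allowlist.get(name, set())
    if not approved:
        raise ResourceRejected(f"{name}: no approved digests for this name")
    digest = hashlib.sha256()
    # Hash and copy in one pass, so the bytes that are verified are exactly
    # the bytes that get installed (the source is never read a second time).
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".verify-")
    try:
        with os.fdopen(fd, "wb") as tmp, open(src_path, "rb") as src:
            for chunk in iter(lambda: src.read(65536), b""):
                digest.update(chunk)
                tmp.write(chunk)
        actual = digest.hexdigest()
        if not any(hmac.compare_digest(actual, a.lower()) for a in approved):
            raise ResourceRejected(f"{name}: sha256 {actual} not on allowlist")
        os.chmod(tmp_path, 0o755)
        dest = os.path.join(dest_dir, name)
        os.replace(tmp_path, dest)  # atomic rename within dest_dir
        return dest
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)  # never leave an unverified file behind
        raise


if __name__ == "__main__":
    # Constructed sample: a fake vendor tool and an allowlist with its digest.
    data = b"#!/bin/sh\necho ok\n"
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "upload.bin")
        with open(src, "wb") as f:
            f.write(data)
        allow = {"vendor-tool": {hashlib.sha256(data).hexdigest()}}
        print(install_if_allowed(src, d, "vendor-tool", allow))
```

The allowlist itself has to ship with the charm or come from operator-controlled configuration; if it could be supplied through attach-resource as well, the check would verify nothing.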
Related branches
~aluria/charm-hw-health/+git/hw-health-charm:bug/1832387 Merged into ~nagios-charmers/charm-hw-health:master at revision 206415505bf33e0b6d4a154a6251d4be0323d51e
- Jeremy Lounder (community): Approve
- Ryan Beisner (community): Needs Information
- Canonical IS Reviewers: Pending requested
- Alex Kavanagh: Pending requested
- Andrew McLeod: Pending requested
Diff: 441 lines (+213/-51), 6 files modified
.gitignore (+2/-0)
Makefile (+14/-3)
src/CONTRIBUTING (+10/-0)
src/lib/hwhealth/tools.py (+46/-15)
src/reactive/hw_health.py (+29/-9)
src/tests/functional/test_hwhealth.py (+112/-24)
description: updated
Changed in hw-health-charm:
assignee: nobody → Alvaro Uria (aluria)
importance: Undecided → High
status: New → In Progress
Changed in hw-health-charm:
status: In Progress → Fix Released