The sudoers files as installed with openstack-tripleo-common package
is much too permissive. It contains several lines for the mistral
user that have wildcards that allow directory traversal with ".."
which grants full passwordless root access to the validations user.
Reviewed: https:/ /review. openstack. org/486147 /git.openstack. org/cgit/ openstack/ tripleo- common/ commit/ ?id=34713f3b52f 4da950d565f7ad4 90f03d55706b82
Committed: https:/
Submitter: Jenkins
Branch: master
commit 34713f3b52f4da9 50d565f7ad490f0 3d55706b82
Author: Toure Dunnon <email address hidden>
Date: Fri Jul 21 09:45:31 2017 -0400
tripleo-common sudoers file is to permissive.
The sudoers files as installed with openstack- tripleo- common package
is much too permissive. It contains several lines for the mistral
user that have wildcards that allow directory traversal with ".."
which grants full passwordless root access to the validations user.
Change-Id: I34073671c8f97d 7bfbe1030ed52e6 627a07dacfb
Related-Bug: 1705709