Do not hardcode /bin/kill and /bin/cat

Bug #1519839 reported by Domen Kožar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.rootwrap
Confirmed
Wishlist
Unassigned

Bug Description

Filters have hardcoded /bin/kill and /bin/cat paths. That's unfortunate as that might not be the desired path.

As I understand exec_dirs should limit the path of executables so filters have no need to hardcode paths.

Revision history for this message
Ben Nemec (bnemec) wrote :

The /bin/cat hard-coding appears to be just a convenience filter, and if you make it configurable it turns into essentially CommandFilter.

KillFilter appears to have actual logic related to killing processes though, so I could see an argument to make that configurable.

I should also note that we are encouraging people to move to oslo.privsep instead of oslo.rootwrap. There's much less chance of operator error exposing security holes with privsep.

Changed in oslo.rootwrap:
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.