Disable administrative permissions during X-Gerrit-RunAs

When executing an action on behalf of an administrator, disable the
administrateServer capability during the request. This may limit
the damage a compromised role account could cause by avoiding any
permissions that are not explicitly granted.

Change-Id: I263e1d8e1a645617842f11b7712f79f5c009c6ca
This commit is contained in:
Shawn Pearce
2013-06-12 11:21:35 -07:00
parent 8597ecf620
commit f3ffd088ef
6 changed files with 70 additions and 17 deletions

@@ -126,8 +126,12 @@ public final class SuExec extends BaseCommand {
} else {
peer = peerAddress;
}
CurrentUser self = caller.get();
if (self instanceof PeerDaemonUser) {
self = null;
}
return new SshSession(session.get(), peer,
userFactory.create(peer, accountId));
userFactory.runAs(peer, accountId, self));
}
private static String join(List<String> args) {
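Review bot: The `PeerDaemonUser` branch deliberately passes a null caller into `userFactory.runAs(peer, accountId, self)`, but nothing in the hunk says what a null third argument means or that `runAs` tolerates it; add a short comment above `self = null;` (for example, "a peer daemon has no administrative caller to restrict") and confirm `runAs` handles null without a NullPointerException, since a daemon-initiated `su` would otherwise fail at this line rather than at a clear permission check.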