Browse Source

Don't attempt to escalate ec2-api-manage privileges

Remove code which allowed ec2-api-manage to attempt to escalate
privileges so that configuration files can be read by users who
normally wouldn't have access, but do have sudo access.

Change-Id: I1ab7052fc117f064054e3127517da77598b6d27b
Closes-Bug:#1611171
tags/4.0.0
Iswarya_Vakati 3 years ago
committed by iswarya vakati
parent
commit
f8dbd1cc45
1 changed files with 2 additions and 17 deletions
  1. +2
    -17
      ec2api/cmd/manage.py

+ 2
- 17
ec2api/cmd/manage.py View File

@@ -17,7 +17,6 @@
CLI interface for EC2 API management.
"""

import os
import sys

from oslo_config import cfg
@@ -25,7 +24,6 @@ from oslo_log import log

from ec2api import config
from ec2api.db import migration
from ec2api.i18n import _


CONF = cfg.CONF
@@ -62,21 +60,8 @@ command_opt = cfg.SubCommandOpt('command',

def main():
CONF.register_cli_opt(command_opt)
try:
config.parse_args(sys.argv)
log.setup(CONF, "ec2api")
except cfg.ConfigFilesNotFoundError:
cfgfile = CONF.config_file[-1] if CONF.config_file else None
if cfgfile and not os.access(cfgfile, os.R_OK):
st = os.stat(cfgfile)
print(_("Could not read %s. Re-running with sudo") % cfgfile)
try:
os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + sys.argv)
except Exception:
print(_('sudo failed, continuing as if nothing happened'))

print(_('Please re-run ec2-api-manage as root.'))
return(2)
config.parse_args(sys.argv)
log.setup(CONF, "ec2api")

try:
CONF.command.func()


Loading…
Cancel
Save