openstack/oslo.rootwrap

Go to file

Daniel Alvarez ed125c0c1c Make IpNetnsExecFilter more strict to detect aliases

Currently, this filter only takes into account 'ip netns exec' as
input but this command accepts different aliases like 'ip net e' or
'ip netn ex', etcetera. This is a security issue since bypassing
this filter basically allows anyone to execute arbitary commands
because IpFilter will get hit and there's not going to be any
further checks against CommandFilters.

Change-Id: I2f6e55de4e60f2d3a6166c2fefbc31e9afc6c26f
Closes-Bug: 1765734
Co-Authored-By: Jakub Libosvar <jlibosva@redhat.com>
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>

2018-05-10 12:40:29 +00:00

Update to support running benchmark on python3

2018-04-04 11:40:23 -04:00

Updated from global requirements

2018-03-15 07:50:39 +00:00

Allow rootwrap-daemon to timeout and exit

2017-03-02 10:58:04 +09:00

Make IpNetnsExecFilter more strict to detect aliases

2018-05-10 12:40:29 +00:00

Update reno for stable/queens

2018-01-24 18:07:26 +00:00

.gitignore

Add reno for release notes management

2016-06-30 09:59:31 +00:00

.gitreview

Add .gitreview for oslo.rootwrap

2013-11-27 15:22:57 +01:00

.testr.conf

Add standalone project packaging support files

2013-11-21 16:25:23 +01:00

.zuul.yaml

add lower-constraints job

2018-03-24 21:02:51 -04:00

CONTRIBUTING.rst

Workflow documentation is now in infra-manual

2014-12-05 03:30:39 +00:00

LICENSE

Add standalone project packaging support files

2013-11-21 16:25:23 +01:00

lower-constraints.txt

fix lower constraints and uncap eventlet

2018-04-12 10:48:11 -04:00

README.rst

Update links in README

2018-02-28 01:35:47 +08:00

requirements.txt

Updated from global requirements

2017-11-16 11:21:52 +00:00

setup.cfg

Treat doc warnings as errors

2018-01-08 11:47:18 -06:00

setup.py

Updated from global requirements

2017-03-03 00:03:18 +00:00

test-requirements.txt

fix lower constraints and uncap eventlet

2018-04-12 10:48:11 -04:00

tox.ini

set default python to python3

2018-04-13 16:05:18 -04:00

README.rst

Team and repository tags

oslo.rootwrap -- Escalated Permission Control

oslo.rootwrap allows fine-grained filtering of shell commands to run as root from OpenStack services.

License: Apache License, Version 2.0
Documentation: https://docs.openstack.org/oslo.rootwrap/latest/
Source: https://git.openstack.org/cgit/openstack/oslo.rootwrap
Bugs: https://bugs.launchpad.net/oslo.rootwrap