x/gce-api
Code Issues Proposed changes

Don't attempt to escalate gce-api-manage privileges

Browse Source 
Remove code which allowed gce-api-manage to attempt to escalate
privileges so that configuration files can be read by users who
normally wouldn't have access, but do have sudo access.

Change-Id: I0a684f0239bef1669c15b6c54a658c6e6f2f430c
Closes-Bug: 1611171
This commit is contained in:
pallavi 2016-09-17 16:42:01 +05:30 committed by iswarya vakati
parent 967108eafe
commit 1e7910cc08
1 changed files with 3 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
gceapi/cmd/manage.py
View File

@ -17,7 +17,6 @@
CLI interface for GCE API management. CLI interface for GCE API management.
""" """
import os
import sys import sys
from oslo_config import cfg from oslo_config import cfg
@ -25,7 +24,6 @@ from oslo_log import log
from gceapi import config from gceapi import config
from gceapi.db import migration from gceapi.db import migration
from gceapi.i18n import _
CONF = cfg.CONF CONF = cfg.CONF
@ -61,22 +59,10 @@ command_opt = cfg.SubCommandOpt('command',
def main(): def main():
"""Parse options and call the appropriate class/method."""
CONF.register_cli_opt(command_opt) CONF.register_cli_opt(command_opt)
try: config.parse_args(sys.argv)
config.parse_args(sys.argv) log.setup(CONF, "gceapi")
log.setup(CONF, "gceapi")
except cfg.ConfigFilesNotFoundError:
cfgfile = CONF.config_file[-1] if CONF.config_file else None
if cfgfile and not os.access(cfgfile, os.R_OK):
st = os.stat(cfgfile)
print(_("Could not read %s. Re-running with sudo") % cfgfile)
try:
os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + sys.argv)
except Exception:
print(_('sudo failed, continuing as if nothing happened'))
print(_('Please re-run gce-api-manage as root.'))
return(2)
try: try:
CONF.command.func() CONF.command.func()