9cbb681446
Currently it is possible to inject speculative plugins into untrusted jobs. These plugins are run locally on the executor and make it possible to run arbitraty code within the bwrap context. There are two problems here. First the path check is broken such it never matches a plugin dir. Further we don't check paths residing within playbook dirs. Change-Id: Idf1b940de2be7819afeb2dbad943fad2ae7ebc55 |
||
---|---|---|
.. | ||
filter_plugins | ||
tasks |