e424af2236
The CommandRunner used to run commands using su command and passing the actual command to be run as argument to it.

    su USER -c <cmd>

This is susceptible to command line injection as noted in the bug.

The fix required to do two things:

1. Pass the command to be run as list instead of a string. This is to ensure that the actual arguments are passed as arguments to the program ought to be executed. And by doing so, avoids running any commands passed in the argument. On the contrary, if the command were passed as a string to the shell, the arguments could be formed in a way to execute malicious commands.
2. The CommandRunner runs the command directly and uses setuid to lower the privileges if needed. If the 'runas' user is other than root, then its UID is obtained and setuid is invoked to set the real user-id and effective user-id to the given user.

Change-Id: I654117e994fd38411508dbe9b85d06c28dc0e411
Closes-Bug: #1312246
- bin
- doc
- heat_cfntools
- tools
- .gitignore
- .gitreview
- .testr.conf
- CONTRIBUTING.rst
- LICENSE
- MANIFEST.in
- README.rst
- requirements.txt
- setup.cfg
- setup.py
- test-requirements.txt
- tox.ini
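The two changes described in the commit message above, sketched as an added example (this is not heat-cfntools code). `sh -c` stands in for `su USER -c` so it runs without root; the function names and the constructed input are hypothetical, and the group handling in `_demote` is an assumption beyond what the commit message states.

```python
import os
import pwd
import subprocess


def run_via_shell_string(cmd):
    """Pre-fix pattern: `su USER -c <cmd>` hands one string to a shell.

    `sh -c` stands in for `su USER -c` so the demo needs neither root nor su.
    """
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


def _demote(user):
    """Build a hook that drops to `user` in the child, just before exec."""
    pw = pwd.getpwnam(user)

    def hook():
        # Assumption (not in the commit message): reset groups before the UID.
        os.initgroups(pw.pw_name, pw.pw_gid)
        os.setgid(pw.pw_gid)
        # Called as root, setuid changes the real and the effective user ID.
        os.setuid(pw.pw_uid)

    return hook


def run_as_argv(argv, runas="root"):
    """Post-fix pattern: argv list, no shell, setuid instead of su."""
    hook = _demote(runas) if runas != "root" else None
    return subprocess.run(argv, preexec_fn=hook, capture_output=True, text=True).stdout


# Constructed input: a value that ends up as an argument of the command.
UNTRUSTED = "hello; echo INJECTED"


def demo():
    before = run_via_shell_string("echo " + UNTRUSTED)  # shell parses the ';'
    after = run_as_argv(["echo", UNTRUSTED])            # ';' stays literal data
    return before, after


if __name__ == "__main__":
    for label, out in zip(("shell string", "argv list"), demo()):
        print(f"{label}: {out!r}")
```
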
README.rst
Heat CloudFormation Tools
There are several bootstrap methods for cloudformations:
1. Create image with application ready to go
2. Use cloud-init to run a startup script passed as userdata to the nova server create
3. Use the CloudFormation instance helper scripts
This package contains files required for choice #3.
- cfn-init - Reads the AWS::CloudFormation::Init for the instance resource, installs packages, and starts services
- cfn-signal - Waits for an application to be ready before continuing, i.e. supporting the WaitCondition feature
- cfn-hup - Handles updates from the UpdateStack CloudFormation API call
- Free software: Apache license
- Source: http://git.openstack.org/cgit/openstack/heat-cfntools
- Bugs: http://bugs.launchpad.net/heat-cfntools