security: fix reverse shell vulnerability in function library. #2830
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -88,7 +88,7 @@ def _exec_sandbox(self, _code, _id): | |||
| os.system(f"chown {self.user}:{self.user} {exec_python_file}") | |||
| kwargs = {'cwd': BASE_DIR} | |||
| subprocess_result = subprocess.run( | |||
| ['su', '-c', python_directory + ' ' + exec_python_file, self.user], | |||
| ['su', '-s', python_directory, '-c', "exec(open('" + exec_python_file + "').read())", self.user], | |||
| text=True, | |||
| capture_output=True, **kwargs) | |||
| os.remove(exec_python_file) | |||
There was a problem hiding this comment.
The provided `su` command is incorrect because it uses `-s`, which changes the shell to `/bin/sh`. To execute Python directly from a file, use `'bash'` instead of specifying the shell separately.
Here's an optimized version:
```python
subprocess.run(
['su', '-c', f"exec(open('{exec_python_file}').read())", self.user],
text=True,
capture_output=True, **kwargs)This assumes that you are using Linux with Bash. If your system uses a different default shell, adjust the arguments accordingly.
liqiang-fit2cloud
deleted the
pr@main@fix_reverse_shell_vulnerability_in_function_library
branch
security: fix reverse shell vulnerability in function library.