diff options
| author | Yufang Zhang <zhangyufang@360.cn> | 2013-05-14 14:58:19 +0800 |
|---|---|---|
| committer | Yufang Zhang <yufang521247@gmail.com> | 2013-05-15 18:58:51 +0800 |
| commit | ea78eecbd275fa7466e56d6eb0dc7a3c60f5b640 (patch) | |
| tree | c7ceea117521f3caf6ecc083e5c7f7b3bbedfb91 | |
| parent | 3e0114f570d97c47b1b8eefce0bcd27146098b8d (diff) | |
Update KillFilter to stop at '\0' for readlink() function.
Python's readlink() implementation doesn't stop at '\0' when reading
file path. Thus after dnsmasq upgrade, it may return something like
'/usr/sbin/dnsmasq\03453 (deleted)', while C's or Shell's readlink()
return '/usr/sbin/dnsmasq'. This patch fixes this problem by cutting
the readlink() results with '\0', so that KillFilter could get correct
path.
Bug 1179793
Change-Id: I7354941e0508e019c8c9b63b87ad39f52ccb51ca
| -rw-r--r-- | openstack/common/rootwrap/filters.py | 4 | ||||
| -rw-r--r-- | tests/unit/test_rootwrap.py | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/openstack/common/rootwrap/filters.py b/openstack/common/rootwrap/filters.py index 58121cb..ae7c62c 100644 --- a/openstack/common/rootwrap/filters.py +++ b/openstack/common/rootwrap/filters.py @@ -194,6 +194,10 @@ class KillFilter(CommandFilter): return False try: command = os.readlink("/proc/%d/exe" % int(args[1])) + # NOTE(yufang521247): /proc/PID/exe may have '\0' on the + # end, because python doen't stop at '\0' when read the + # target path. + command = command.split('\0')[0] # NOTE(dprince): /proc/PID/exe may have ' (deleted)' on # the end if an executable is updated or deleted if command.endswith(" (deleted)"): diff --git a/tests/unit/test_rootwrap.py b/tests/unit/test_rootwrap.py index ea6ccbb..5a5d9ca 100644 --- a/tests/unit/test_rootwrap.py +++ b/tests/unit/test_rootwrap.py @@ -134,6 +134,18 @@ class RootwrapTestCase(utils.BaseTestCase): self.stubs.Set(os, 'readlink', fake_readlink) self.assertTrue(f.match(usercmd)) + def test_KillFilter_upgraded_exe(self): + """Makes sure upgraded exe's are killed correctly""" + # See bug #1179793. + def fake_readlink(blah): + return '/bin/commandddddd\0\05190bfb2 (deleted)' + + f = filters.KillFilter("root", "/bin/commandddddd") + usercmd = ['kill', 1234] + + self.stubs.Set(os, 'readlink', fake_readlink) + self.assertTrue(f.match(usercmd)) + def test_ReadFileFilter(self): goodfn = '/good/file.name' f = filters.ReadFileFilter(goodfn) |