diff options
-rw-r--r-- | openstack/common/rootwrap/filters.py | 4 | ||||
-rw-r--r-- | tests/unit/test_rootwrap.py | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/openstack/common/rootwrap/filters.py b/openstack/common/rootwrap/filters.py index 58121cb..ae7c62c 100644 --- a/openstack/common/rootwrap/filters.py +++ b/openstack/common/rootwrap/filters.py @@ -194,6 +194,10 @@ class KillFilter(CommandFilter): return False try: command = os.readlink("/proc/%d/exe" % int(args[1])) + # NOTE(yufang521247): /proc/PID/exe may have '\0' on the + # end, because python doen't stop at '\0' when read the + # target path. + command = command.split('\0')[0] # NOTE(dprince): /proc/PID/exe may have ' (deleted)' on # the end if an executable is updated or deleted if command.endswith(" (deleted)"): diff --git a/tests/unit/test_rootwrap.py b/tests/unit/test_rootwrap.py index ea6ccbb..5a5d9ca 100644 --- a/tests/unit/test_rootwrap.py +++ b/tests/unit/test_rootwrap.py @@ -134,6 +134,18 @@ class RootwrapTestCase(utils.BaseTestCase): self.stubs.Set(os, 'readlink', fake_readlink) self.assertTrue(f.match(usercmd)) + def test_KillFilter_upgraded_exe(self): + """Makes sure upgraded exe's are killed correctly""" + # See bug #1179793. + def fake_readlink(blah): + return '/bin/commandddddd\0\05190bfb2 (deleted)' + + f = filters.KillFilter("root", "/bin/commandddddd") + usercmd = ['kill', 1234] + + self.stubs.Set(os, 'readlink', fake_readlink) + self.assertTrue(f.match(usercmd)) + def test_ReadFileFilter(self): goodfn = '/good/file.name' f = filters.ReadFileFilter(goodfn) |