-
Notifications
You must be signed in to change notification settings - Fork 766
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modify exploiters to use OTP in commands #3118
Conversation
1bc19ba
to
7b3381f
Compare
1f20bc8
to
c4dbea9
Compare
3a25bbf
to
8db172d
Compare
00f29ca
to
9ee3fd2
Compare
monkey/agent_plugins/exploiters/hadoop/src/hadoop_command_builder.py
Outdated
Show resolved
Hide resolved
Consider rebasing this on |
9ee3fd2
to
b88cd0b
Compare
d9ff803
to
f11b93e
Compare
monkey/agent_plugins/exploiters/hadoop/src/hadoop_command_builder.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OTP is an essential part of the agent command line, it's not exploiter specific option. I think we should've modified build_monkey_commandline
and build_monkey_commandline_explicitly
Both of these build and return the arguments that are passed to the Agent binary when it's run. We need to set the OTP as an environment variable on the machine before the binary is run. |
0930389
to
f9e27fc
Compare
a262521
to
595eeeb
Compare
1bf6fa7
to
f02bd83
Compare
b0becc3
to
b394e1e
Compare
Using `export` in agent run commands is unnecessary and undesirable. It will add the environment variable to the parent process's environment, not just the environment of the agent process. This will expose the OTP more than necessary, violating the principle of least privilege. It will also make it difficult (impossible?) for the agent to properly clean up all traces of the OTP.
Using `export` in agent run commands is unnecessary and undesirable. It will add the environment variable to the parent process's environment, not just the environment of the agent process. This will expose the OTP more than necessary, violating the principle of least privilege. It will also make it difficult (impossible?) for the agent to properly clean up all traces of the OTP.
7b7cbc3
to
8d98ef8
Compare
What does this PR do?
Fixes #3077
PR Checklist
Testing Checklist