[Tests] Testcase to ensure deny_remote can't be bypassed with a cup of "sudo tee" #46
Labels
Milestone
Comments
mcdope
added
enhancement
|
Currently the testing REQUIRES deny_remote to be disabled. So this would need to download the generated deb back to the github runner, installing & configuring it there again and then running the test. But that wont work because the missing usb gadget support on the github runner. The test would need to create a user on the runner, configure it for pamusb, connect to our runner, which then connects back by ssh (not using pamusb) and tries to use the "sudo tea". ... annoying. |
|
Maybe if we use docker container for testing instead of remote host we could use a serial console, which would then allow keeping deny_remote disabled while also having a ssh host to connect to and try the cup of tea... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(for some required knowledge see #39, maybe also #8, and the associated PRs)
We need a testcase for the functional testing to ensure
deny_remotecan't be bypassed by remote users with stuff like used in #39.For this a ssh session needs to be done after configuring (deny_remote enabled), testing some sudo command doesn't work, then trying the same like in #39 and verifying that it doesn't work. But guess we can't use
vithere since it's interactive....The text was updated successfully, but these errors were encountered: