Commit
Security hardening: fix possible shell injection vulnerability
The glance/cmd/control.py file contains a possible shell injection vulnerability: https://github.com/openstack/glance/blob/master/glance/cmd/control.py#L134 . Setting 'shell=True' here opens the possibility of shell injection by setting server to something like '; rm -rf /'. This will cause the command 'rm -rf /' to be run with the privileges of the user that ran Glance. The fix is to parameterize the input so that the command run here can only be 'logger'.

Change-Id: If48106ceea1dd582bcec9d03e056d88591bcba8d
Closes-bug: 1335208
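The difference the commit message describes, shown as an added example that is not the Glance code or the patch itself: the same `server` value is passed once through a `shell=True` command string and once as an argument list. The function names, the `ARGV_ECHO` stand-in for `logger` (a child Python process that prints the arguments it receives), and the harmless `echo INJECTED` marker are all assumptions made for the illustration, and a POSIX shell is assumed.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for the `logger` binary: prints each argument it
# receives on its own line, so the caller can see exactly what one process got.
ARGV_ECHO = [sys.executable, "-c", "import sys; [print(a) for a in sys.argv[1:]]"]


def run_via_shell(server):
    """'Before' form: the value is interpolated into a string parsed by /bin/sh."""
    prog = " ".join(shlex.quote(part) for part in ARGV_ECHO)
    cmd = "%s -t glance-%s" % (prog, server)
    # shell=True hands the whole string to the shell, so metacharacters in
    # `server` (";", "|", "$()", ...) are interpreted as shell syntax.
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_parameterized(server):
    """'After' form: argv list, no shell, so the program is fixed and the
    value can only ever be data in a single argument."""
    argv = ARGV_ECHO + ["-t", "glance-%s" % server]
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # Constructed input with the shape from the commit message, using a
    # harmless marker command in place of anything destructive.
    hostile = "api; echo INJECTED"
    print("shell=True   :", run_via_shell(hostile))
    print("argument list:", run_parameterized(hostile))
```

In the `shell=True` output the marker appears as a line printed by a second command; in the argument-list output the whole value, semicolon included, arrives as one argument to the stand-in program.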