653856 – "persist" cmd should check input for read-only system files

Bug 653856 - "persist" cmd should check input for read-only system files

Summary: "persist" cmd should check input for read-only system files

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ovirt-node
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	6.2
Assignee:	Mike Burns
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-11-16 10:00 UTC by Pengzhen Cao
Modified:	2016-04-26 13:41 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-20 13:26:21 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Pengzhen Cao 2010-11-16 10:00:40 UTC

Description of problem:
"persist" cmd in rhevh do not check the file name  user inputed to persist,thus we can persist a system file, such as "/sbin/init", "/usr/sbin/ovirt-config-setup". This is insecure and will fail if we want to unpersist these files. 

Version-Release number of selected component (if applicable):
5.6 and 6.0

How reproducible:
100%

Steps to Reproduce:
1. persist "/sbin/scsi_id"
2. unpersist "/sbin/scsi_id"
3.
  
Actual results:
file can be persisted but can not be unpersisted

Expected results:
There should be a check, if user want to persist read-only files then it will not proceed.

Additional info:

Comment 1 Perry Myers 2011-10-20 13:26:21 UTC

The persist functionality is not supported for end-user usage, so closing this bug

Note You need to log in before you can comment on or make changes to this bug.