Bug 653856 - "persist" cmd should check input for read-only system files
Summary: "persist" cmd should check input for read-only system files
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ovirt-node
Version: 6.2
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: 6.2
Assignee: Mike Burns
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-16 10:00 UTC by Pengzhen Cao
Modified: 2016-04-26 13:41 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-20 13:26:21 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Pengzhen Cao 2010-11-16 10:00:40 UTC
Description of problem:
"persist" cmd in rhevh do not check the file name  user inputed to persist,thus we can persist a system file, such as "/sbin/init", "/usr/sbin/ovirt-config-setup". This is insecure and will fail if we want to unpersist these files. 

Version-Release number of selected component (if applicable):
5.6 and 6.0

How reproducible:
100%

Steps to Reproduce:
1. persist "/sbin/scsi_id"
2. unpersist "/sbin/scsi_id"
3.
  
Actual results:
file can be persisted but can not be unpersisted

Expected results:
There should be a check, if user want to persist read-only files then it will not proceed.

Additional info:

Comment 1 Perry Myers 2011-10-20 13:26:21 UTC
The persist functionality is not supported for end-user usage, so closing this bug


Note You need to log in before you can comment on or make changes to this bug.