arno/gns3-server
1
0
Fork 0
mirror of https://github.com/GNS3/gns3-server synced 2024-12-01 04:38:12 +00:00
Code Issues Releases Wiki Activity

Check for sticky bit when checking for executable access.

Browse Source
This commit is contained in:
grossmj 2014-06-21 06:53:47 -06:00
parent 49506ada3f
commit 14bb12d3fb
3 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gns3server/main.py
View File

@ -70,6 +70,7 @@ def locale_check():
locale.setlocale(locale.LC_ALL, (language, "UTF-8")) locale.setlocale(locale.LC_ALL, (language, "UTF-8"))
except locale.Error as e: except locale.Error as e:
log.error("could not set an UTF-8 encoding for the {} locale: {}".format(language, e)) log.error("could not set an UTF-8 encoding for the {} locale: {}".format(language, e))
raise SystemExit
else: else:
log.info("current locale is {}.{}".format(language, encoding)) log.info("current locale is {}.{}".format(language, encoding))

7
gns3server/modules/attic.py
View File

@ -23,6 +23,7 @@ import sys
import os import os
import struct import struct
import socket import socket
import stat
import errno import errno
import time import time
@ -120,8 +121,12 @@ def has_privileged_access(executable):
:returns: True or False :returns: True or False
""" """
# we are root, so we should have privileged access too
if os.geteuid() == 0: if os.geteuid() == 0:
# we are root, so we should have privileged access.
return True
if not sys.platform.startswith("win") and os.stat(executable).st_mode & stat.S_ISVTX == stat.S_ISVTX:
# the executable has a sticky bit.
return True return True
# test if the executable has the CAP_NET_RAW capability (Linux only) # test if the executable has the CAP_NET_RAW capability (Linux only)

7
gns3server/modules/dynamips/__init__.py
View File

@ -31,6 +31,7 @@ from gns3server.modules import IModule
from .hypervisor import Hypervisor from .hypervisor import Hypervisor
from .hypervisor_manager import HypervisorManager from .hypervisor_manager import HypervisorManager
from .dynamips_error import DynamipsError from .dynamips_error import DynamipsError
from ..attic import has_privileged_access
# Nodes # Nodes
from .nodes.router import Router from .nodes.router import Router
@ -378,12 +379,18 @@ class Dynamips(IModule):
nio.connect(rhost, rport) nio.connect(rhost, rport)
elif request["nio"]["type"] == "nio_generic_ethernet": elif request["nio"]["type"] == "nio_generic_ethernet":
ethernet_device = request["nio"]["ethernet_device"] ethernet_device = request["nio"]["ethernet_device"]
if not has_privileged_access(self._dynamips):
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, ethernet_device))
nio = NIO_GenericEthernet(node.hypervisor, ethernet_device) nio = NIO_GenericEthernet(node.hypervisor, ethernet_device)
elif request["nio"]["type"] == "nio_linux_ethernet": elif request["nio"]["type"] == "nio_linux_ethernet":
ethernet_device = request["nio"]["ethernet_device"] ethernet_device = request["nio"]["ethernet_device"]
if not has_privileged_access(self._dynamips):
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, ethernet_device))
nio = NIO_LinuxEthernet(node.hypervisor, ethernet_device) nio = NIO_LinuxEthernet(node.hypervisor, ethernet_device)
elif request["nio"]["type"] == "nio_tap": elif request["nio"]["type"] == "nio_tap":
tap_device = request["nio"]["tap_device"] tap_device = request["nio"]["tap_device"]
if not has_privileged_access(self._dynamips):
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, tap_device))
nio = NIO_TAP(node.hypervisor, tap_device) nio = NIO_TAP(node.hypervisor, tap_device)
elif request["nio"]["type"] == "nio_unix": elif request["nio"]["type"] == "nio_unix":
local_file = request["nio"]["local_file"] local_file = request["nio"]["local_file"]