mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-30 20:28:08 +00:00
Check for sticky bit when checking for executable access.
This commit is contained in:
parent
49506ada3f
commit
14bb12d3fb
@ -70,6 +70,7 @@ def locale_check():
|
||||
locale.setlocale(locale.LC_ALL, (language, "UTF-8"))
|
||||
except locale.Error as e:
|
||||
log.error("could not set an UTF-8 encoding for the {} locale: {}".format(language, e))
|
||||
raise SystemExit
|
||||
else:
|
||||
log.info("current locale is {}.{}".format(language, encoding))
|
||||
|
||||
|
@ -23,6 +23,7 @@ import sys
|
||||
import os
|
||||
import struct
|
||||
import socket
|
||||
import stat
|
||||
import errno
|
||||
import time
|
||||
|
||||
@ -120,8 +121,12 @@ def has_privileged_access(executable):
|
||||
:returns: True or False
|
||||
"""
|
||||
|
||||
# we are root, so we should have privileged access too
|
||||
if os.geteuid() == 0:
|
||||
# we are root, so we should have privileged access.
|
||||
return True
|
||||
|
||||
if not sys.platform.startswith("win") and os.stat(executable).st_mode & stat.S_ISVTX == stat.S_ISVTX:
|
||||
# the executable has a sticky bit.
|
||||
return True
|
||||
|
||||
# test if the executable has the CAP_NET_RAW capability (Linux only)
|
||||
|
@ -31,6 +31,7 @@ from gns3server.modules import IModule
|
||||
from .hypervisor import Hypervisor
|
||||
from .hypervisor_manager import HypervisorManager
|
||||
from .dynamips_error import DynamipsError
|
||||
from ..attic import has_privileged_access
|
||||
|
||||
# Nodes
|
||||
from .nodes.router import Router
|
||||
@ -378,12 +379,18 @@ class Dynamips(IModule):
|
||||
nio.connect(rhost, rport)
|
||||
elif request["nio"]["type"] == "nio_generic_ethernet":
|
||||
ethernet_device = request["nio"]["ethernet_device"]
|
||||
if not has_privileged_access(self._dynamips):
|
||||
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, ethernet_device))
|
||||
nio = NIO_GenericEthernet(node.hypervisor, ethernet_device)
|
||||
elif request["nio"]["type"] == "nio_linux_ethernet":
|
||||
ethernet_device = request["nio"]["ethernet_device"]
|
||||
if not has_privileged_access(self._dynamips):
|
||||
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, ethernet_device))
|
||||
nio = NIO_LinuxEthernet(node.hypervisor, ethernet_device)
|
||||
elif request["nio"]["type"] == "nio_tap":
|
||||
tap_device = request["nio"]["tap_device"]
|
||||
if not has_privileged_access(self._dynamips):
|
||||
raise DynamipsError("{} has no privileged access to {}.".format(self._dynamips, tap_device))
|
||||
nio = NIO_TAP(node.hypervisor, tap_device)
|
||||
elif request["nio"]["type"] == "nio_unix":
|
||||
local_file = request["nio"]["local_file"]
|
||||
|
Loading…
Reference in New Issue
Block a user