Opened 3 years ago

Last modified 2 years ago

#3783 new defect

kea-admin script shouldn't fall back to src directory

Reported by: jreed
Owned by:
Priority: low
Milestone: Outstanding Tasks
Component: Unclassified
Version: git
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DHCP
Feature Depending on Ticket:
Estimated Difficulty: 0
Add Hours to Ticket: 0
Total Hours: 0
Internal?: no

Description

kea-admin script contains:

    # Include utilities. Use installed version if available and
    # use build version if it isn't.
    if [ -e ${prefix}/share/kea/scripts/admin-utils.sh ]; then
        . ${prefix}/share/kea/scripts/admin-utils.sh
    else
        . /tmp/src/kea-0.9.1/src/bin/admin/admin-utils.sh
    fi

Imagine that an admin built the script in /tmp, didn't install Kea completely (or later lost the installed admin-utils.sh), and cleaned up tmp. Later someone could put their own tmp admin-utils.sh in place and it could be run unknowingly with some elevated permission.

I don't think this should fall back to the build tree.

Change History (8)

comment:1 Changed 3 years ago by hschempf

  • Milestone changed from Kea-proposed to Kea0.9.2
  • Priority changed from medium to low

comment:2 Changed 2 years ago by marcin

One additional issue is this...

You have an old installation of Kea which includes admin-utils.sh in the installation directory. The installed Kea version doesn't have some functions, e.g. pgsql_execute. Someone updates the source tree to the new version, which includes pgsql_execute in admin-utils.sh, and runs unit tests. The unit tests fail because pgsql_execute can't be found, as the test is using an installed version, only because it is there. This is not quite right! The test should know that it is in test mode and use the version from the sources.
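An added example, not part of the ticket and not kea-admin's own code, of one way to address both the description and comment:2: the installed copy is the only default, and the source-tree copy is used only on explicit opt-in. The variable name KEA_ADMIN_UTILS_SRCDIR, both function names, the permission check and the rule that uid 0 ignores the opt-in are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not kea-admin's code. KEA_ADMIN_UTILS_SRCDIR is hypothetical.

# is_safe_file FILE: true for a regular, non-symlink file that is not
# writable by group or others.
is_safe_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# resolve_admin_utils PREFIX [UID]: print the file to source, or fail.
# UID defaults to the caller's uid; it is a parameter so both branches
# can be exercised without being root.
resolve_admin_utils() {
    uid="${2:-$(id -u)}"
    candidate="$1/share/kea/scripts/admin-utils.sh"
    # Test mode is an explicit opt-in and then always wins, so unit tests
    # never pick up a stale installed copy. It is ignored for uid 0, so a
    # privileged run can only load the installed file.
    if [ -n "${KEA_ADMIN_UTILS_SRCDIR:-}" ] && [ "$uid" -ne 0 ]; then
        candidate="$KEA_ADMIN_UTILS_SRCDIR/src/bin/admin/admin-utils.sh"
    fi
    if is_safe_file "$candidate"; then
        printf '%s\n' "$candidate"
    else
        # No second location is tried: a missing file is a hard error.
        echo "kea-admin: cannot use $candidate" >&2
        return 1
    fi
}

# Intended use in the script, with prefix substituted at build time:
#   utils=$(resolve_admin_utils "${prefix}") || exit 1
#   . "$utils"
```

The check and the later `.` are separate steps, so the directories above the file must also be writable only by the installing user for the check to mean anything.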

comment:3 Changed 2 years ago by fdupont

Is this ticket still for 0.9.2? If it is, it must be addressed ASAP.

comment:4 Changed 2 years ago by tomek

  • Milestone changed from Kea0.9.2 to Kea0.9.2-final

comment:5 Changed 2 years ago by marcin

  • Priority changed from low to very low

Moving to "very-low" per post-beta 0.9.2 tickets scrub.

comment:6 Changed 2 years ago by marcin

  • Milestone changed from Kea0.9.2 to Kea1.0
  • Priority changed from very low to low

Move to 1.0, low priority as per tickets scrub on 07/31/2015.

comment:7 Changed 2 years ago by stephen

  • Milestone changed from Kea1.0 to DHCP Outstanding Tasks

As per Kea planning meeting in October, remove from 1.0.

comment:8 Changed 2 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed
