Fix vtysh shell-ingestion security issue (#7759)
Fix vtysh shell-ingestion security issue Only expose the limited parameters of the command vtysh show.
This commit is contained in:
parent
dbd086bf98
commit
5c503b81ae
@ -31,8 +31,10 @@ Cmnd_Alias READ_ONLY_CMDS = /bin/cat /var/log/syslog*, \
|
||||
/usr/bin/sensors, \
|
||||
/usr/bin/tail -F /var/log/syslog, \
|
||||
/usr/bin/rvtysh *, \
|
||||
/usr/bin/vtysh -c show *, \
|
||||
/usr/bin/vtysh -n [0-9] -c show *, \
|
||||
/usr/bin/vtysh -c show version, \
|
||||
/usr/bin/vtysh -c show bgp ipv[46] summary json, \
|
||||
/usr/bin/vtysh -n [0-9] -c show version, \
|
||||
/usr/bin/vtysh -n [0-9] -c show bgp ipv[46] summary json, \
|
||||
/usr/local/bin/decode-syseeprom, \
|
||||
/usr/local/bin/generate_dump, \
|
||||
/usr/local/bin/ipintutil, \
|
||||
|
Loading…
Reference in New Issue
Block a user