Fix vtysh shell-ingestion security issue (#7759)

Fix vtysh shell-ingestion security issue
Only expose a limited set of parameters for the vtysh show command.
xumia 2021-06-28 09:57:08 +08:00 committed by GitHub
parent dbd086bf98
commit 5c503b81ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -31,8 +31,10 @@ Cmnd_Alias READ_ONLY_CMDS = /bin/cat /var/log/syslog*, \
/usr/bin/sensors, \
/usr/bin/tail -F /var/log/syslog, \
/usr/bin/rvtysh *, \
/usr/bin/vtysh -c show *, \
/usr/bin/vtysh -n [0-9] -c show *, \
/usr/bin/vtysh -c show version, \
/usr/bin/vtysh -c show bgp ipv[46] summary json, \
/usr/bin/vtysh -n [0-9] -c show version, \
/usr/bin/vtysh -n [0-9] -c show bgp ipv[46] summary json, \
/usr/local/bin/decode-syseeprom, \
/usr/local/bin/generate_dump, \
/usr/local/bin/ipintutil, \
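Review bot: The unchanged entry `/usr/bin/rvtysh *, \` keeps a bare argument wildcard, so the narrowing applied to the `/usr/bin/vtysh` entries may not hold for READ_ONLY_CMDS as a whole. If rvtysh passes its arguments through to vtysh (not visible on this page, please confirm), the unrestricted command strings this commit removes stay reachable through that entry, and a sudoers `*` in the argument position matches across word boundaries. Consider enumerating it the same way, e.g. `/usr/bin/rvtysh -c show version, \` and `/usr/bin/rvtysh -c show bgp ipv[46] summary json, \`, or dropping the entry if no read-only workflow depends on it. The Cmnd_Alias starts before this hunk and continues past it, so other wildcard entries such as `/bin/cat /var/log/syslog*` in the hunk header deserve the same check.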