Fix vtysh shell-ingestion security issue (#7991)

Fix vtysh shell-ingestion security issue Only expose the limited parameters of the command vtysh show.
2021-06-30 19:32:21 +08:00 · 2021-06-30 19:32:21 +08:00 · a7725e6480
commit a7725e6480
parent 76bef999fd
2 changed files with 4 additions and 2 deletions
--- a/files/image_config/sudoers/sudoers
+++ b/files/image_config/sudoers/sudoers
@ -33,7 +33,9 @@ Cmnd_Alias      READ_ONLY_CMDS = /sbin/brctl show, \
                                 /usr/bin/sfputil show *, \
                                 /usr/bin/teamshow, \
                                 /usr/bin/rvtysh *, \
-                                 /usr/bin/vtysh -c show *, \
+                                 /usr/bin/vtysh -c show version, \
+                                 /usr/bin/vtysh -c show bgp ipv[46] summary json, \
+                                 /usr/bin/vtysh -n [0-9] -c show version, \
                                 /bin/cat /var/log/syslog*, \
                                 /usr/bin/tail -F /var/log/syslog

--- a/src/sonic-utilities
+++ b/src/sonic-utilities
@ -1 +1 @@
-Subproject commit 72510da2ff97d4fbf3cb2ac4e79c866677fc48ae
+Subproject commit c235153025a2d35188bb5fbeb18a5ac78742c275