mirror of
https://git.proxmox.com/git/mirror_ifupdown2
synced 2025-06-14 18:37:42 +00:00
1e6d7bd76c
Ticket: CM-7066 Reviewed By: scotte,roopa,olson Testing Done: Unit testing and regression testing This patch does two things: 1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2. This should allow administrators to specify a config file location different from the default and allow subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown. 2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users from specifying their own interfaces file. This defaults to "1" (even if it is not configured). Note: this new default takes away users ability to specify an interfaces file. This should close the vulnerability where users could specify their own interfaces file and add arbitrary user commands. This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery commands already require root access to run and the interfaces config file also requires root access to modify. |
||
|---|---|---|
| .. | ||
| images | ||
| addonsapiref.rst | ||
| addonshelperapiref.rst | ||
| apiref.rst | ||
| conf.py | ||
| developmentcorner.rst | ||
| gettingstarted.rst | ||
| index.rst | ||
| intro.rst | ||
| userguide.rst | ||