• Kirk Webb's avatar
    Sprinkle taint checks throughout tmcd to avert privilege escalation. · d9c27fac
    Kirk Webb authored
    Also add utility function to allow the node to get the exact details of
    the image it is running ('imageinfo').
    
    Some of the taint checks are rather heavy-handed presently.  Pretty much
    any vector that could be used by the user to do something as root has
    been severed right at the top of the relevant tmcd calls.
    
    Calls affected:
    
    manifest ('blackbox' and 'useronly' taintstates)
    rpms ('blackbox' and 'useronly' taintstates)
    tarballs ('blackbox' and 'useronly' taintstates)
    blobs ('blackbox' and 'useronly' taintstates)
    startupcmd ('blackbox' taintstate)
    mounts ('blackbox' taintstate)
    programs ('blackbox' taintstate)
    
    Taint handling for the 'accounts' call was dealt with in a prior commit.
    d9c27fac
tbdefs.h 5.49 KB