)]}'
{"docker/swift/swift-base/swift_sudoers":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1dd1b19d8642b149be55d11b44e5df54e2a050c4","unresolved":false,"context_lines":[{"line_number":1,"context_line":"swift ALL\u003d(root) NOPASSWD: /bin/chown swift\\:swift /srv/node"},{"line_number":2,"context_line":"swift ALL\u003d(root) NOPASSWD: /usr/bin/chown swift\\:swift /srv/node"},{"line_number":3,"context_line":"swift ALL\u003d(root) NOPASSWD: /bin/chown swift\\:swift /srv/node/*"},{"line_number":4,"context_line":"swift ALL\u003d(root) NOPASSWD: /usr/bin/chown swift\\:swift /srv/node/*"},{"line_number":5,"context_line":"swift ALL\u003d(root) NOPASSWD: /var/lib/kolla/venv/bin/swift-rootwrap /etc/swift/rootwrap.conf *"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"3fa7e38b_de40cc37","line":3,"range":{"start_line":3,"start_character":61,"end_line":3,"end_character":62},"updated":"2019-11-05 12:52:12.000000000","message":"I think this will allow any command starting with \u0027/bin/chown swift\\:swift /srv/node/\u0027 to be executed, which could lead to a security hole.\n\nAfter shell globbing, the resulting command will actually be something like this IIUC:\n\n/bin/chown swift\\:swift /srv/node/x /srv/node/y /srv/node/z\n\nhttps://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-4-wildcards/","commit_id":"b8406a2daf2a598ecef19beef703a8202ad4d812"}],"docker/swift/swift-rsyncd/extend_start.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"b050c148e6bdccc4894ef8e70972169ef9d735bf","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"sudo chown swift:swift /srv/node"},{"line_number":4,"context_line":"sudo chown swift:swift /srv/node/*"},{"line_number":5,"context_line":"mkdir -p /var/lib/swift/lock"}],"source_content_type":"text/x-sh","patch_set":1,"id":"3fa7e38b_e8c5d28e","line":4,"updated":"2019-11-05 10:21:45.000000000","message":"Please update docker/swift/swift-base/swift_sudoers to allow these commands.","commit_id":"df9b4f1fd10eda140380fdf442e357564d332fe5"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"0d7738c652345d968ce8af9e35606feccc932b20","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"sudo find /srv/node/ -maxdepth 1 -type d -execdir chown swift:swift {} \\+"},{"line_number":4,"context_line":"mkdir -p /var/lib/swift/lock"}],"source_content_type":"text/x-sh","patch_set":3,"id":"3fa7e38b_275b14f7","line":3,"updated":"2019-11-05 15:51:23.000000000","message":"Nice solution.","commit_id":"2d122afaf9817cadc668b308c4f736e47c09a55f"}]}