[Openstack-security] [openstack/ceilometer] SecurityImpact review request change I91a32a62204dd44fa850f9ec0efd4f45cd3d72c2
gerrit2 at review.openstack.org
Mon Sep 22 19:47:32 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/123237
Log:
commit 0cd8389616df13f7927d35747ff5d285ae447cde
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Mon Sep 22 14:34:50 2014 -0500

    Safer use of eval

    eval() was used with an empty globals parameter. This meant that
    the expression could call __import__ and then do whatever (remove
    all your files, for example). By setting globals to
    {'__builtins__': None} the expression can't use __import__.

    This is for security hardening.

    SecurityImpact

    Change-Id: I91a32a62204dd44fa850f9ec0efd4f45cd3d72c2
    Partial-Bug: #1367022
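
The difference the commit message describes, as an added example that is not part of the original mail or of the ceilometer code base. The function names (eval_legacy, eval_hardened, empty_globals_gain_builtins, builtins_reachable) and the sample expressions and values are constructed for illustration.

```python
"""Added illustration: eval() with empty globals vs. {'__builtins__': None}."""


def eval_legacy(expr, names):
    # Pre-patch pattern: empty globals. eval() inserts a reference to the
    # builtins into that dict, so __import__ stays reachable.
    return eval(expr, {}, names)


def eval_hardened(expr, names):
    # Patched pattern: builtins lookup is disabled, so the expression can
    # only use the names handed to it explicitly.
    return eval(expr, {'__builtins__': None}, names)


def empty_globals_gain_builtins():
    # Shows why {} is no longer empty once eval() has run with it.
    g = {}
    eval("1", g)
    return '__builtins__' in g


def builtins_reachable(evaluator):
    # Harmless probe (constructed): reads os.name through __import__.
    try:
        evaluator("__import__('os').name", {})
    except (NameError, TypeError):  # exception type differs by Python version
        return False
    return True


if __name__ == "__main__":
    sample = {"cpu": 4, "mem": 10}  # constructed sample values
    print(eval_legacy("cpu * 2 + mem", sample))
    print(eval_hardened("cpu * 2 + mem", sample))
    print(empty_globals_gain_builtins())
    print(builtins_reachable(eval_legacy))
    print(builtins_reachable(eval_hardened))
    # Side effect of the hardening: abs, min, max and the other builtins
    # are gone too and must be passed in by name when expressions need them.
    print(eval_hardened("abs(x)", {"x": -3, "abs": abs}))
```

Setting __builtins__ to None removes name lookup of builtins only; the expression still runs with whatever objects are passed in names, which is why the commit message calls the change hardening.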