Dashboard Builder: Add capability to use Grafonnet #13
Conversation
There was a problem hiding this comment.
I'm wondering about the security of calling a command line without checking its content ?
Should it increase user privileges ? if the command (grafana-import) has sudo rights it may cause pb !
It is especially for .py files (not jsonnet !)
Maybe a warning on this case should be set in the README...
It is a marginal case but...
There was a problem hiding this comment.
Hi. I hear you on one hand, but on the other, giving a regular program like grafana-import which can do all sorts of things root permissions would be a bad idea per se, no?
If a user can run a (dashboard builder) program with python dashboard-builder.py, or if they do it through grafana-import, does not make any big difference, right?
It might be different when grafana-import would expose its functionality via a web service or similar means, where the user and the runtime are on different machines. But still in this case, I guess shlex.split() offers enough protective measures so it can't be exploited to invoke a different program, if you are referring to that?
So, if you don't mind, my personal evaluation of this is that shelling out like grafana-import is doing it, is safe enough for its purpose. If you really think it's not, or if anyone else from the community has any other objections or concerns, please let me know on behalf of a concrete example that demonstrates a relevant vulnerability, by creating a dedicated issue.
if the command (grafana-import) has sudo rights it may cause pb !
If you think I misunderstood your statement, where I translated "sudo rights" into "root permissions", please let me know. What does "pb" actually refer to?
|
You are right : arguments are good. the subject is closed :)
Le ven. 26 avr. 2024 à 20:40, Andreas Motl ***@***.***> a
écrit :
… ***@***.**** commented on this pull request.
------------------------------
On grafana_import/util.py
<#13 (comment)>
:
Hi. I hear you on one hand, but on the other, giving a regular program
like grafana-import which can do all sorts of things *root permissions*
would be a bad idea per se, no?
If a user can run a (dashboard builder) program with python
dashboard-builder.py, or if they do it through grafana-import, does not
make any big difference, right?
It might be different when grafana-import would expose its functionality
via a web service or similar means, where the user and the runtime are on
different machines. But still in this case, I guess shlex.split() offers
enough protective measures so it can't be exploited to invoke a different
program?
So, if you don't mind, my personal evaluation of this is that shelling out
like grafana-import is doing it, is safe enough for its purpose. If you
really think its not, or if anyone else from the community has any other
objections, please let me know on behalf of a concrete example that
demonstrates a potential vulnerability.
—
Reply to this email directly, view it on GitHub
<#13 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQGB3MKP5YQJPFTM634WMKDY7KNRBAVCNFSM6AAAAABGX7UC4GVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDAMRVGY2TMMJUGU>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
About
In order to expand GH-10, this patch adds the capability to use Grafonnet as dashboard builder.
References