turbinia icon indicating copy to clipboard operation
turbinia copied to clipboard

Published 20 hours ago verified publisher icon google

Add privilege aware execution handler

Open aarontp opened this issue 6 years ago • 2 comments

Currently Turbinia assumes that it runs as a user with sudo privileges. We should add methods to the TurbiniaTask object to handle executing privileged commands rather than hard-coding sudo into commands being run.

aarontp avatar Sep 03 '17 18:09 aarontp

Additional suggestion: We can harden sudo by properly restricting who can use sudo and what can be used with sudo in the sudoers config file.

beamcodeup avatar Dec 01 '17 00:12 beamcodeup

In the mean time, should we add "sudo" to all command execution that might need to be run with elevated privileges?

Use case is image_export.py parsing a disk.image file with chmod 000 in a GoogleCloudDiskRawEmbedded

rgayon avatar May 17 '19 14:05 rgayon

@aarontp is this solved now that we run insider docker containers and workers are privileged/we can define the user to run as within the Dockerfile?

jleaniz avatar Jul 21 '23 15:07 jleaniz

Yeah, we can probably close this one out now.

aarontp avatar Jul 22 '23 00:07 aarontp