Feature #3312
Updated by Anonymous over 11 years ago
That means "ceph-deploy osd myhost:sdb" could allow myhost to attack the admin workstation. Deserializing pickles from an untrusted source is dangerous: http://docs.python.org/library/pickle
Either refactor pushy to use a more limited protocol (e.g. JSON objects over SSH?), or port ceph-deploy away from pushy.
The idea of "execute this python function remotely over ssh" is very useful, and teuthology could benefit from it also; don't just go back to "run this unix command remotely".
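A sketch of the "more limited protocol" option named in the ticket, as an added example that is not code from ceph-deploy or pushy: replies from the remote host are length-prefixed JSON frames, parsed as data and checked against an allowlist. The function names, frame layout and size cap are assumptions made for illustration.

```python
import json
import pickle
import struct

MAX_FRAME = 1 << 20  # assumed upper bound on one message body, in bytes
# Hypothetical remote functions, mapped to the only result type each may return.
ALLOWED = {"list_disks": list, "prepare_osd": dict}

class ProtocolError(Exception):
    """Raised for any message that does not fit the restricted protocol."""

def frame(body):
    """Prefix a message body with its length as a 4-byte big-endian integer."""
    return struct.pack(">I", len(body)) + body

def encode_call(func, args):
    """Workstation -> host: an allowlisted function name plus plain JSON arguments."""
    if func not in ALLOWED:
        raise ProtocolError(f"function not allowlisted: {func!r}")
    return frame(json.dumps({"call": func, "args": args}).encode("utf-8"))

def decode_reply(func, data):
    """Host -> workstation: the frame is untrusted input and is only ever parsed as JSON."""
    if func not in ALLOWED or len(data) < 4:
        raise ProtocolError("unknown call or short frame")
    (length,) = struct.unpack(">I", data[:4])
    if length > MAX_FRAME or length != len(data) - 4:
        raise ProtocolError("bad frame length")
    try:
        msg = json.loads(data[4:].decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        raise ProtocolError(f"reply is not JSON: {exc}") from None
    if not isinstance(msg, dict) or set(msg) != {"ok", "result"}:
        raise ProtocolError("unexpected reply shape")
    if msg["ok"] is not True:
        raise ProtocolError(f"remote error: {msg['result']!r}")
    if not isinstance(msg["result"], ALLOWED[func]):
        raise ProtocolError("result has wrong type for this call")
    return msg["result"]

if __name__ == "__main__":
    # Constructed sample replies: one valid JSON frame, one pickled payload.
    good = frame(json.dumps({"ok": True, "result": ["sdb", "sdc"]}).encode("utf-8"))
    print(decode_reply("list_disks", good))
    try:
        decode_reply("list_disks", frame(pickle.dumps(["sdb"])))
    except ProtocolError as exc:
        print("rejected:", exc)
```

The workstation never calls `pickle.loads` on bytes from the host, so a reply can only produce JSON values (lists, dicts, strings, numbers, booleans, null) and cannot cause object construction or code execution during parsing.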