green-coding-solutions / green-metrics-tool

Measure energy and carbon consumption of software
https://metrics.green-coding.io
GNU Affero General Public License v3.0

Security fix for python interpreter replacement #835

Closed ArneTR closed 1 month ago

ArneTR commented 1 month ago

It was possible to replace the python3 interpreter at the venv location with a malicious file.

Since we were giving access to the interpreter via a sudoers entry, this would open a privilege escalation.

It is recommended to update to the newest version of the GMT and just re-run the install_linux.sh or install_mac.sh file. The fix will be applied then.
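
A general audit for the class of issue described in the comment above, as an added example that is not part of the original comment or the project's code: it checks whether a binary named in a sudoers entry, its symlink target, and every directory above either can be changed by anyone other than a trusted owner. The function names and the sample path are hypothetical, and the trusted owner is assumed to be root (uid 0).

```python
import os
import stat


def ancestors(path):
    """Yield path, then each parent directory up to the filesystem root."""
    path = os.path.abspath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent


def audit_sudo_target(path, trusted_uids=frozenset({0})):
    """Return (path, reason) findings for a binary that sudoers lets a user run.

    The binary is only safe if it, its symlink target and every directory above
    either of them are owned by a trusted uid and not group/world-writable.
    """
    findings, seen = [], set()
    # Check the path as written in sudoers and the file it resolves to:
    # a venv's bin/python3 is normally a symlink to another interpreter.
    for start in (path, os.path.realpath(path)):
        for p in ancestors(start):
            if p in seen:
                continue
            seen.add(p)
            try:
                st = os.lstat(p)
            except FileNotFoundError:
                findings.append((p, "missing: whoever can create it controls it"))
                continue
            if st.st_uid not in trusted_uids:
                findings.append((p, f"owned by uid {st.st_uid}"))
            if stat.S_ISLNK(st.st_mode):
                continue  # link mode bits mean nothing; parent dir and target are checked
            writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # Sticky dirs (e.g. /tmp) stop non-owners from replacing entries.
            sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if writable and not sticky_dir:
                findings.append((p, f"group/world-writable, mode {stat.S_IMODE(st.st_mode):o}"))
    return findings


if __name__ == "__main__":
    # Constructed example path; substitute the command from your own sudoers entry.
    for p, reason in audit_sudo_target("/opt/example-app/venv/bin/python3"):
        print(f"UNSAFE {p}: {reason}")
```

An empty result means no component of the path is replaceable by an untrusted user under these ownership and mode checks; ACLs and mount options are not examined.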

github-actions[bot] commented 1 month ago
Old Energy Estimation Eco-CI Output:

|Label|🖥 avg. CPU utilization [%]|🔋 Total Energy [Joules]|🔌 avg. Power [Watts]|Duration [Seconds]|
|---|---|---|---|---|
|Total Run (incl. overhead)|24.6967|1590.17|3.92|406|
|Measurement #1|24.6649|1590.17|3.93|405|

🌳 CO2 Data:
City: Chicago, Lat: 41.8874, Lon: -87.6318
IP: 172.183.229.80
CO₂ from energy is: 0.702855140 g
CO₂ from manufacturing (embodied carbon) is: 0.115837406 g
Carbon Intensity for this location: 442 gCO₂eq/kWh
SCI: 0.818693 gCO₂eq / pipeline run emitted

github-actions[bot] commented 1 month ago
Eco-CI Output:

|Label|🖥 avg. CPU utilization [%]|🔋 Total Energy [Joules]|🔌 avg. Power [Watts]|Duration [Seconds]|
|---|---|---|---|---|
|Total Run (incl. overhead)|21.0296|1906.47|3.71|514|
|Measurement #1|20.9774|1906.47|3.72|513|

🌳 CO2 Data:
City: Chicago, Lat: 41.8874, Lon: -87.6318
IP: 172.183.133.241
CO₂ from energy is: 0.861724440 g
CO₂ from manufacturing (embodied carbon) is: 0.146651297 g
Carbon Intensity for this location: 452 gCO₂eq/kWh
SCI: 1.008376 gCO₂eq / pipeline run emitted