This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
moskvanaft
suggested changes
Jul 2, 2018
contracts/eosio.sudo/eosio.sudo.cpp
Outdated
require_auth( executer ); | ||
|
||
size_t trx_pos = ds.tellp(); | ||
send_deferred( (uint128_t(executer) << 64) | current_time(), executer, buffer+trx_pos, size ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't it be size-trx_pos
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be. Thanks.
In practice, send_deferred
is pretty flexible about the size passed in as long as it isn't smaller than the actual size of the serialized transaction data, but indeed size-trx_pos
is the correct expression for the argument to pass into this send_deferred
call.
moskvanaft
approved these changes
Jul 2, 2018
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #4142.
Adds a new contract (eosio.sudo) that is meant to be deployed to a privileged account
eosio.sudo
. This contract provides just one actionexec
which takes a transaction and schedules it as a deferred transaction while bypassing normal authorization checks (which it can do since it is on a privileged account).It does however check for authorization of itself (as well as authorization of the
executer
). The idea is that theeosio.sudo
account should have its permissions set up like all the othereosio.*
accounts: satisfied entirely by theactive
permission of theeosio
account, which in turn is fully satisfied by theactive
permission of theeosio.prods
account. Effectively, it means that only a greater than two-thirds supermajority of the active block producers are able to use theeosio.sudo::exec
action to execute any transaction while bypassing all regular authorization checks.This PR also includes tests related to the eosio.sudo contract, including testing the ability to propose a transaction that uses
eosio.sudo::exec
via the eosio.msig contract.Also, @moskvanaft's changes to cleos to add the
cleos multisig propose_trx
account were added into this PR as well (those changes were originally meant for the v1.1 release) because it would be infeasible to deploy and use the eosio.sudo contract without it.