Reviewed:  https://review.openstack.org/75629
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=6af10e84e1a3f1e4673bc2f58142269a2bfeefcf
Submitter: Jenkins
Branch:    master

commit 6af10e84e1a3f1e4673bc2f58142269a2bfeefcf
Author: Daniel Gollub <d.gollub at telekom.de>
Date:   Wed Feb 19 07:37:20 2014 +0100

    Restrict rootwrap find filter for NetAppNFS driver

    Additionally make the name of the filter unique, so it does not override
    any other rule. Like the find rule of the GPFS driver.

    Rootwrap is making use of plain python ConfigParser which handles INI
    files with key=value pair like fashion. Where the key is unique.

    Closes-Bug: 1250101
    Change-Id: Id2f193485089e12f00008b38fad2b95a09674ff2

** Changed in: cinder
       Status: In Progress => Fix Committed

--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1250101

Title:
  Cinder's rootwrap filters allow to run find as root, which allows
  arbitrary commands

Status in Cinder:
  Fix Committed
Status in Oslo - a Library of Common OpenStack Code:
  Invalid
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  The patch
  https://github.com/openstack/cinder/commit/688c515b9d662486395d36c303ca599376a1dc0d
  added the find command to etc/cinder/rootwrap.d/volume.filters. This
  introduces a security hole as the find command is able to call exec,
  and so the cinder user can run any command as root. For example:

  vagrant@controller:~$ sudo -u cinder bash
  cinder@controller:~$ id
  uid=109(cinder) gid=115(cinder) groups=115(cinder)
  cinder@controller:~$ sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf find /etc/hosts -exec bash \;
  root@controller:~# id
  uid=0(root) gid=0(root) groups=0(root)

  I guess the way to fix this is to add a FindFilter to Oslo that
  rejects calls to find with the -exec or -execdir argument.
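The two points raised in this notification, as an added example that is not code from Cinder or Oslo: how a key=value INI parser treats two filter rules that share a name, and the kind of argument check the bug description proposes. The sample filter text and the function names are constructed for illustration, and the action list goes beyond -exec and -execdir to other GNU find actions that run programs or write files.

```python
import configparser

# Constructed sample filter file with two rules named "find"
# (not the contents of Cinder's volume.filters).
SAMPLE_FILTERS = """\
[Filters]
find: CommandFilter, find, root
find: RegExpFilter, find, root, find, /mnt/.*, -maxdepth, \\d+
"""

def load_filters(text):
    """Parse filter rules the way a last-duplicate-wins INI parser does."""
    # strict=False reproduces the silent override of an earlier rule;
    # the Python 3 default (strict=True) raises instead.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    return dict(parser.items("Filters"))

def has_duplicate_rule(text):
    """Lint check: True if a rule name appears twice in one section."""
    try:
        configparser.RawConfigParser().read_string(text)
    except configparser.DuplicateOptionError:
        return True
    return False

# GNU find actions that execute a program or modify/write files.
DANGEROUS_FIND_ACTIONS = {
    "-exec", "-execdir", "-ok", "-okdir", "-delete",
    "-fprint", "-fprint0", "-fprintf", "-fls",
}

def find_args_allowed(argv):
    """Hypothetical check: accept a find call only without such actions."""
    if not argv or argv[0] not in ("find", "/usr/bin/find"):
        return False
    return not any(arg in DANGEROUS_FIND_ACTIONS for arg in argv[1:])

if __name__ == "__main__":
    print(load_filters(SAMPLE_FILTERS))      # only one "find" rule survives
    print(has_duplicate_rule(SAMPLE_FILTERS))
    print(find_args_allowed(["find", "/etc/hosts", "-exec", "bash", ";"]))
```

A deny-list like this fails open when find gains a new action, so an allow-list of the exact arguments a driver needs is the stricter design.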