[Openstack-security] [Bug 1250101] Related fix merged to cinder (master)

OpenStack Infra 1250101 at bugs.launchpad.net
Sun Mar 2 20:28:21 UTC 2014


Reviewed:  https://review.openstack.org/76529
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=2c44cfa2db0cd1a5ba6c02581b34136d7ee5d4fb
Submitter: Jenkins
Branch:    master

commit 2c44cfa2db0cd1a5ba6c02581b34136d7ee5d4fb
Author: Daniel Gollub <d.gollub at telekom.de>
Date:   Wed Feb 19 07:41:24 2014 +0100

    Restrict rootwrap find filter for IBM NAS and GPFS
    
    Additionally, make the name of the filter unique, so it does not override
    any other rule, like the find rule of the NetAppNFS driver.
    Rootwrap makes use of plain Python ConfigParser, which handles INI files
    in a key=value-pair-like fashion, where the key is unique.
    
    Related-Bug: 1250101
    
    Change-Id: I56a96084dc736e73e3e9533803f65956699891a0

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1250101

Title:
  Cinder's rootwrap filters allow running find as root, which allows
  arbitrary commands

Status in Cinder:
  Fix Committed
Status in Oslo - a Library of Common OpenStack Code:
  Invalid
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  The patch
  https://github.com/openstack/cinder/commit/688c515b9d662486395d36c303ca599376a1dc0d
  added the find command to etc/cinder/rootwrap.d/volume.filters. This
  introduces a security hole as the find command is able to call exec,
  and so the cinder user can run any command as root. For example:

  vagrant at controller:~$ sudo -u cinder bash
  cinder at controller:~$ id
  uid=109(cinder) gid=115(cinder) groups=115(cinder)

  cinder at controller:~$ sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf find /etc/hosts -exec bash \;

  root at controller:~# id
  uid=0(root) gid=0(root) groups=0(root)

  
  I guess the way to fix this is to add a FindFilter to Oslo that rejects calls to find with the -exec or -execdir argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1250101/+subscriptions
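The two defects this thread describes, a duplicate filter name that a plain INI parser silently collapses and a `find` rule that does not look past argv[0], can both be checked mechanically. The following is an added example written for this post, not code from cinder or oslo.rootwrap; the filter file contents, the `find_allowed` check and the `FORBIDDEN_FIND_ARGS` list are constructed here to mirror the reporter's proposed FindFilter.

```python
"""Lint a rootwrap-style filter file for the two problems in bug 1250101:
a filter name defined twice (ConfigParser keeps only one) and a `find`
invocation that is allowed to spawn another program via -exec/-execdir.
Added example, not cinder's or oslo.rootwrap's code."""
import configparser
import re

# Constructed sample: two drivers register a filter under the same name,
# the situation the commit message warns about. Only one of them survives.
SAMPLE_FILTERS = """\
[Filters]
# hypothetical first driver's rule
find: CommandFilter, find, root
# hypothetical second driver's rule, same key, narrower arguments
find: RegExpFilter, find, root, find, /var/lib/cinder/.*, -maxdepth, 1
"""

# Options named in the bug report; these let find execute another program.
FORBIDDEN_FIND_ARGS = ("-exec", "-execdir")


def load_filters(text, strict=True):
    """Parse the [Filters] section the way an INI parser does.

    strict=True (configparser's default) raises DuplicateOptionError on a
    repeated key, which is what a linter wants. strict=False reproduces the
    silent override the commit message describes: the last entry wins.
    """
    parser = configparser.ConfigParser(strict=strict)
    parser.read_string(text)
    return dict(parser.items("Filters"))


def duplicate_filter_names(text):
    """Return every filter name that is defined more than once."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        name = re.split(r"[:=]", line, 1)[0].strip()
        counts[name] = counts.get(name, 0) + 1
    return sorted(name for name, n in counts.items() if n > 1)


def find_allowed(argv):
    """Model the FindFilter the reporter proposes: accept a `find` command
    only if none of its arguments would hand execution to another program."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "find":
        return False
    return not any(arg in FORBIDDEN_FIND_ARGS for arg in argv[1:])
```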
