[Openstack-security] [Bug 1365712] Re: Command Execution Possible Through Config File Tampering
Sean Dague
sean at dague.net
Wed Sep 10 11:43:19 UTC 2014
Right, if you have write access to etc on the box... then all bets are
off.
** Changed in: nova
Status: New => Won't Fix
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1365712
Title:
Command Execution Possible Through Config File Tampering
Status in OpenStack Compute (Nova):
Won't Fix
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
New
Bug description:
The OpenStack Security Group has been reviewing OpenStack code to find potential security vulnerabilities.
One class of these vulnerabilities is to allow someone with write access to nova.conf to cause code to be executed as the OpenStack user.
Some details are here:
https://review.openstack.org/#/c/118910/
More tracking information is here:
https://bugs.launchpad.net/nova/+bug/1192971
This bug is specifically to address the possible vulnerability at
nova/nova/virt/baremetal/ipmi.py:292
If a user has write access to nova.conf, he can set
[baremetal]
terminal = /bin/foo
and cause /bin/foo to be executed.
If a user has write access to nova.conf, he case set
[baremetal]
terminal_cert_dir = "; cat /etc/passwd"
and cause the password file to be written to stdout.
Some input validation would help correct this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1365712/+subscriptions
More information about the Openstack-security
mailing list