[Openstack-security] [Bug 1432003] Re: Files in Scality driver are created world readable/writable

Thierry Carrez thierry.carrez+lp at gmail.com
Mon Mar 23 15:25:09 UTC 2015


** Tags added: security

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1432003

Title:
  Files in Scality driver are created world readable/writable

Status in Cinder:
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  On this line in the Scality driver:
  https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/scality.py#L124
  files which are created by the utility function are set to world
  readable and writable.  This function is utilized in the following
  cases:

  - volume creation: https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/scality.py#L156
  - snapshot creation: https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/scality.py#L178
  - volume extension: https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/scality.py#L289

  While it's possible that these files are supposed to be created in a
  directory which is protected, files should always be restricted
  according to the principle of least privilege.  If these files are
  created in a directory without restricted permissions, any user on the
  system can tamper with these volumes and snapshots.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1432003/+subscriptions
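
An added example, not taken from the Cinder tree or from the bug report: one way to create a volume backing file that only its owner can access from the moment it exists, plus an audit that lists regular files carrying any "other" permission bit. The function names, the `0o600` mode and the file names in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

WORLD_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def create_sparse_file(path, size, mode=0o600):
    """Create a sparse file of `size` bytes restricted to its owner (hypothetical helper)."""
    # O_EXCL refuses an existing file or a planted symlink; the mode is applied
    # at creation, so there is no window in which the file has wider access.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # make the result independent of the process umask
        os.ftruncate(fd, size)
    finally:
        os.close(fd)


def find_world_accessible(root):
    """Return sorted (relative path, octal mode) for regular files with any 'other' bit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISREG(st.st_mode) and mode & WORLD_BITS:
                hits.append((os.path.relpath(full, root), oct(mode)))
    return sorted(hits)


def demo():
    """Constructed scenario: one file with the reported permissions, one restricted."""
    with tempfile.TemporaryDirectory() as root:
        weak = os.path.join(root, "volume-weak")
        with open(weak, "ab") as f:
            f.truncate(1024)
        os.chmod(weak, 0o666)  # world readable and writable, as the report describes
        strong = os.path.join(root, "volume-strong")
        create_sparse_file(strong, 1024)
        strong_mode = oct(stat.S_IMODE(os.stat(strong).st_mode))
        return find_world_accessible(root), strong_mode


if __name__ == "__main__":
    print(demo())
```
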



