[Openstack-security] [Bug 1556231] Re: Rootwrap configuration has incorrect ownership

Jesse Pretorius jesse.pretorius at gmail.com
Fri Mar 11 18:28:32 UTC 2016 

** Also affects: openstack-ansible/kilo
   Importance: Undecided
       Status: New

** Also affects: openstack-ansible/liberty
   Importance: Undecided
       Status: New

** Also affects: openstack-ansible/trunk
   Importance: Undecided
     Assignee: Travis Truman (travis-truman)
       Status: New

** Changed in: openstack-ansible/kilo
    Milestone: None => 11.2.11

** Changed in: openstack-ansible/liberty
    Milestone: None => 12.0.8

** Changed in: openstack-ansible/trunk
    Milestone: None => 13.0.0

** Changed in: openstack-ansible/kilo
   Importance: Undecided => Critical

** Changed in: openstack-ansible/trunk
   Importance: Undecided => Critical

** Changed in: openstack-ansible/kilo
       Status: New => Confirmed

** Changed in: openstack-ansible/liberty
   Importance: Undecided => Critical

** Changed in: openstack-ansible/liberty
       Status: New => Confirmed

** Changed in: openstack-ansible/trunk
       Status: New => Fix Committed

** Changed in: openstack-ansible/liberty
     Assignee: (unassigned) => Travis Truman (travis-truman)

** Changed in: openstack-ansible/kilo
     Assignee: (unassigned) => Travis Truman (travis-truman)

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1556231

Title:
  Rootwrap configuration has incorrect ownership

Status in openstack-ansible:
  Fix Committed
Status in openstack-ansible kilo series:
  Confirmed
Status in openstack-ansible liberty series:
  Confirmed
Status in openstack-ansible trunk series:
  Fix Committed

Bug description:
  The /etc/<openstack_service>/rootwrap.conf file and
  /etc/<openstack_service>/rootwrap.d directory and its contents created
  by the Nova, Neutron, Cinder and Ceilomer playbooks/roles are
  incorrectly owned by a user other than root.

  This is a security vulnerability inasmuch as it may allow users with
  lower privileges to modify the rootwrap configuration and escalate
  privileges.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1556231/+subscriptions

More information about the Openstack-security mailing list