[Openstack-security] [Bug 1514569] Re: Fix Postgres root-enable

Amrith 1514569 at bugs.launchpad.net
Tue Sep 6 17:36:11 UTC 2016


** Changed in: trove
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1514569

Title:
  Fix Postgres root-enable

Status in OpenStack DBaaS (Trove):
  Fix Released

Bug description:
  Fix PostgreSQL root functions

  The default PostgreSQL administration account is 'postgres'.

  In the current implementation Trove uses the 'postgres' account and
  returns a new superuser called 'root' when root access is requested.
  The user 'root' has however no special meaning in PostgreSQL, and
  existing applications may rely on the default superuser name 'postgres'.

  Trove should be using its own administrative account (os_admin)
  instead.

  Notes:

   The current implementation is broken for various reasons:

   - It uses UUIDs in place of a 'secure' password.
   - It creates a 'root' user, but no database for it.
     The clients won't be able to authenticate without explicitly
     providing an existing database name.
   - The created 'root' user has no 'SUPERUSER' attribute and
     hence is not a real superuser (cannot perform certain tasks)...
   - The implementation suffers a defect that allows a non-root user
     to gain root access to an instance without marking it as 'root-enabled'.
     A similar defect exists in other datastores (MySQL) too:

   1. Create an instance.
   2. Enable root.
   3. Use your root access to change the password of the built-in
      'postgres' account (Trove will still work because it uses the
      'peer' authentication method - the UNIX account).
   4. Log in as 'postgres' using the changed password and drop the
      created 'root' account.
   5. Backup & restore the instance.
   6. Trove reports that root has never been enabled (it checks for the
      existence of superuser accounts other than the built-in 'postgres').
   7. You enjoy the root access of the 'postgres' user
      (the password is not reset on restore).

To manage notifications about this bug go to:
https://bugs.launchpad.net/trove/+bug/1514569/+subscriptions
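The following Python is an added illustration of the defects listed in the bug description; it is not Trove's own code. It models the root-enable flow the report asks for (a CSPRNG password instead of a UUID, a 'root' role that really has SUPERUSER, and a same-named database) and contrasts the "scan pg_roles for superusers other than 'postgres'" check with a check that also keeps a root-enabled marker outside the database. The 'os_admin' name is taken from the report; the out-of-band marker and the pg_roles rows are assumptions constructed for this example.

```python
"""Root-enable helpers for a PostgreSQL datastore (illustration only)."""
import secrets
import string
import uuid
from typing import Dict, Iterable, List, Tuple

BUILTIN_SUPERUSER = "postgres"   # PostgreSQL's default administration account
TROVE_ADMIN = "os_admin"         # Trove's own admin account, as proposed in the report
ROOT_USER = "root"

# One row of "SELECT rolname, rolsuper FROM pg_roles": (name, is_superuser)
PgRole = Tuple[str, bool]


def uuid_password() -> str:
    """The old approach described in the report: a UUID used as a password
    (fixed dashed hex layout, not a password generator)."""
    return str(uuid.uuid4())


def secure_password(length: int = 32) -> str:
    """A password drawn from the OS CSPRNG over letters and digits."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def root_enable_statements(password: str) -> List[str]:
    """SQL for a real root: the SUPERUSER attribute plus a same-named database,
    so clients can connect without naming an existing database."""
    literal = password.replace("'", "''")   # quote as a SQL string literal
    return [
        f"CREATE ROLE {ROOT_USER} WITH SUPERUSER LOGIN PASSWORD '{literal}';",
        f"CREATE DATABASE {ROOT_USER} OWNER {ROOT_USER};",
    ]


def root_enabled_by_scan(roles: Iterable[PgRole]) -> bool:
    """The check the report describes: any superuser other than 'postgres'.
    Dropping the 'root' role makes this report 'never enabled'."""
    return any(is_super and name != BUILTIN_SUPERUSER for name, is_super in roles)


def root_enabled_hardened(roles: Iterable[PgRole], marker: Dict[str, bool]) -> bool:
    """Assumed hardening for this example: OR a marker kept outside the
    database with the scan, and exclude Trove's own admin account from the scan."""
    scan = any(is_super and name not in (BUILTIN_SUPERUSER, TROVE_ADMIN)
               for name, is_super in roles)
    return marker.get("root_enabled", False) or scan


def walk_through() -> Tuple[bool, bool, bool]:
    """Replay steps 2-6 of the report on constructed pg_roles rows.
    Returns (scan after enable, scan after 'root' is dropped and the
    instance restored, hardened check after that same drop)."""
    marker: Dict[str, bool] = {}
    after_enable = [(BUILTIN_SUPERUSER, True), (ROOT_USER, True)]
    marker["root_enabled"] = True                  # recorded when root-enable runs
    after_drop = [(BUILTIN_SUPERUSER, True)]       # tenant dropped 'root', then backup/restore
    return (root_enabled_by_scan(after_enable),
            root_enabled_by_scan(after_drop),
            root_enabled_hardened(after_drop, marker))


if __name__ == "__main__":
    print(root_enable_statements(secure_password()))
    print(walk_through())   # (True, False, True)
```

The point of `walk_through` is that a check derived only from the current contents of pg_roles can be reset by anyone who already holds superuser rights; a marker that the tenant cannot reach from inside the database is what survives the drop-and-restore sequence.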