[Openstack-security] [Bug 1250101] Re: Cinder's rootwrap filters allow to run find as root, which allows arbitrary commands

Daniel Gollub d.gollub at telekom.de
Sat Feb 22 11:23:51 UTC 2014


** Changed in: cinder
     Assignee: (unassigned) => Daniel Gollub (d-gollub)

** Changed in: cinder
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1250101

Title:
  Cinder's rootwrap filters allow to run find as root, which allows
  arbitrary commands

Status in Cinder:
  In Progress
Status in Oslo - a Library of Common OpenStack Code:
  Invalid
Status in OpenStack Security Advisories:
  Invalid

Bug description:
  The patch
  https://github.com/openstack/cinder/commit/688c515b9d662486395d36c303ca599376a1dc0d
  added the find command to etc/cinder/rootwrap.d/volume.filters. This
  introduces a security hole as the find command is able to call exec,
  and so the cinder user can run any command as root. For example:

  vagrant@controller:~$ sudo -u cinder bash
  cinder@controller:~$ id
  uid=109(cinder) gid=115(cinder) groups=115(cinder)

  cinder@controller:~$ sudo /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf find /etc/hosts -exec bash \;

  root@controller:~# id
  uid=0(root) gid=0(root) groups=0(root)

  
  I guess the way to fix this is to add a FindFilter to Oslo that rejects calls to find with the -exec or -execdir argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1250101/+subscriptions
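Added illustration (editor's example, not code from the bug report, from Cinder, or from oslo.rootwrap): the rootwrap.d entry that causes the problem is a plain CommandFilter, which only checks that argv[0] is "find" and so passes "-exec bash ;" straight through to a root process. The sketch below is modelled on the shape of oslo.rootwrap filters (one "name: Class, exec, user" line per entry, a match(userargs) method per filter class) but is stand-alone, and the FindFilter class and its list of rejected predicates are this editor's assumption about what the FindFilter proposed in the report should refuse: the actions that spawn a command (-exec, -execdir, -ok, -okdir) and, because they write or delete files chosen by the caller, -delete and the -fprint/-fls family. Both filter lines and both command lines are constructed for the example.

```python
"""Rootwrap-style command filters, modelled on oslo.rootwrap's filter shape.

Stand-alone illustration (not oslo.rootwrap itself): a CommandFilter that
only checks the executable name, as the rootwrap.d entry in the bug did,
next to a FindFilter that also rejects find actions which execute commands
or write files as root.
"""
import os

# Filter lines in the rootwrap.d format "name: Class, exec, user[, args]".
# The first reproduces the kind of entry the bug is about; the second is the
# hardened replacement (FindFilter is a hypothetical class name).
VULNERABLE_FILTER_LINE = "find: CommandFilter, find, root"
HARDENED_FILTER_LINE = "find: FindFilter, find, root"

# Constructed invocations: the escalation from the report and a benign one.
ESCALATION = ["find", "/etc/hosts", "-exec", "bash", ";"]
BENIGN = ["find", "/var/lib/cinder", "-name", "*.img", "-mmin", "+60"]


class CommandFilter:
    """Allow any invocation whose argv[0] basename is the configured binary."""

    def __init__(self, exec_path, run_as, *args):
        self.exec_path = exec_path
        self.run_as = run_as
        self.args = args

    def match(self, userargs):
        if not userargs:
            return False
        return os.path.basename(userargs[0]) == os.path.basename(self.exec_path)


class FindFilter(CommandFilter):
    """CommandFilter for find that refuses predicates giving code execution
    or caller-chosen writes as root. The list is our choice for GNU find."""

    # Actions that spawn a child process, i.e. arbitrary commands as root.
    EXEC_ACTIONS = frozenset({"-exec", "-execdir", "-ok", "-okdir"})
    # Actions that delete or write files named by the caller.
    WRITE_ACTIONS = frozenset({"-delete", "-fprint", "-fprint0", "-fprintf", "-fls"})
    DENIED = EXEC_ACTIONS | WRITE_ACTIONS

    def match(self, userargs):
        if not super().match(userargs):
            return False
        # GNU find takes each predicate as its own argv token (no "--exec=cmd"
        # spelling, no bundling), so a token-exact comparison is sufficient.
        # Every argument is scanned because paths and predicates are not
        # separated by a marker; a pattern such as "-name -exec" is rejected
        # too, which fails closed and is acceptable for a rootwrap filter.
        return not any(arg in self.DENIED for arg in userargs[1:])


FILTER_CLASSES = {"CommandFilter": CommandFilter, "FindFilter": FindFilter}


def parse_filter_line(line):
    """Parse one 'name: Class, exec, user[, args]' line into (name, filter)."""
    name, _, spec = line.partition(":")
    fields = [f.strip() for f in spec.split(",")]
    return name.strip(), FILTER_CLASSES[fields[0]](*fields[1:])


def match_filter(filters, userargs):
    """Return the first filter accepting userargs, or None (rootwrap denies)."""
    for flt in filters:
        if flt.match(userargs):
            return flt
    return None


def decide(filter_line, cmdline):
    """Return the user rootwrap would run cmdline as, or None when denied."""
    _, flt = parse_filter_line(filter_line)
    matched = match_filter([flt], cmdline)
    return matched.run_as if matched else None


if __name__ == "__main__":
    for label, line in (("vulnerable", VULNERABLE_FILTER_LINE),
                        ("hardened", HARDENED_FILTER_LINE)):
        for cmd in (ESCALATION, BENIGN):
            print(f"{label:10} {' '.join(cmd):50} -> {decide(line, cmd)}")
```

The general point the example makes is that a binary allowlist is only as strong as the least capable argument the binary accepts: any tool that can spawn a process (find's -exec, editors and pagers with shell escapes, tar's --to-command) turns "run this binary as root" into "run anything as root", so the filter has to constrain the arguments, or the privileged helper should not need that tool at all.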
