[Openstack-security] [Bug 1514569] Re: Fix Postgres root-enable
OpenStack Infra
1514569 at bugs.launchpad.net
Mon Nov 9 20:11:58 UTC 2015
Fix proposed to branch: master
Review: https://review.openstack.org/243292
** Changed in: trove
Status: New => In Progress
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1514569
Title:
Fix Postgres root-enable
Status in Trove:
In Progress
Bug description:
Fix PostgreSQL root functions
The default PostgreSQL administration account is 'postgres'.
In the current implementation Trove uses the 'postgres' account and
returns a new superuser called 'root' when root access is requested.
The user 'root' has however no special meaning in PostgreSQL and the
existing applications may rely on the default superuser name 'postgres'.
Trove should be using its own administrative account (os_admin)
instead.
Notes:
The current implementation is broken for various reasons:
- It uses UUIDs in place of 'secure' password.
- It creates a 'root' user, but no database for it.
The clients won't be able to authenticate without explicitly
providing an existing database name.
- The created 'root' user has no 'SUPERUSER' attribute and
hence is not a real superuser (cannot perform certain tasks)...
- The implementation suffers a defect that allows a non-root user to
gain root access to an instance without marking it as 'root-enabled'.
A similar defect exists in other datastores (MySQL) too:
1. Create an instance.
2. Enable root.
3. Use your root access to change the password of the built-in
'postgres' account (Trove will still work because it uses the
'peer' authentication method - the UNIX account).
4. Log in as 'postgres' using the changed password and drop the
created 'root' account.
5. Backup & restore the instance.
6. Trove reports the root has never been enabled (it checks for the existence of
superuser accounts other than the built-in 'postgres').
7. You enjoy the root access of the 'postgres' user
(the password is not reset on restore).
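The gap in step 6 is that the check only asks whether a superuser other than 'postgres' exists, so dropping the extra superuser hides the fact that the built-in account's password was changed. The following is an added example (not Trove code) that models that naive check beside a stronger audit which also compares the built-in role's stored password hash against a recorded baseline; the role rows, the baseline and the hash strings are constructed, and the `os_admin` allowlist entry follows the account name proposed in the report.

```python
"""Detect superuser drift on a managed PostgreSQL instance.

Added example, not Trove code. Role rows mimic pg_authid(rolname, rolsuper,
rolpassword) and are constructed here; a real audit would read them via the
peer-authenticated 'postgres' connection. Hash values are placeholders.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence

BUILTIN_ADMIN = "postgres"
ALLOWED_SUPERUSERS = (BUILTIN_ADMIN, "os_admin")  # os_admin: Trove-owned admin from the report


@dataclass(frozen=True)
class Role:
    rolname: str
    rolsuper: bool
    rolpassword: Optional[str]  # password hash as stored in pg_authid


def naive_root_enabled(roles: Sequence[Role]) -> bool:
    """The check described in step 6: any superuser besides 'postgres'."""
    return any(r.rolsuper and r.rolname != BUILTIN_ADMIN for r in roles)


def audit_root_access(roles: Sequence[Role], baseline_hash: str) -> List[str]:
    """Stronger check: unexpected superusers OR a changed built-in password."""
    findings = []
    for r in roles:
        if r.rolsuper and r.rolname not in ALLOWED_SUPERUSERS:
            findings.append(f"unexpected superuser: {r.rolname}")
    builtin = next((r for r in roles if r.rolname == BUILTIN_ADMIN), None)
    if builtin is None:
        findings.append("built-in 'postgres' role missing")
    elif builtin.rolpassword != baseline_hash:
        findings.append("built-in 'postgres' password hash differs from baseline")
    return findings


# Constructed samples. BASELINE is the hash recorded when the instance was built.
BASELINE = "md5<constructed-baseline-hash>"
# State right after step 2: the extra 'root' superuser exists.
ROOT_ENABLED = [Role("postgres", True, BASELINE), Role("root", True, "md5<constructed-root-hash>")]
# State after steps 3-5: 'root' dropped, 'postgres' password changed and restored.
AFTER_RESTORE = [Role("postgres", True, "md5<constructed-changed-hash>"), Role("app_user", False, "md5<constructed-app-hash>")]

if __name__ == "__main__":
    print("naive check after restore:", naive_root_enabled(AFTER_RESTORE))
    for finding in audit_root_access(AFTER_RESTORE, BASELINE):
        print("finding:", finding)
```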
To manage notifications about this bug go to:
https://bugs.launchpad.net/trove/+bug/1514569/+subscriptions
More information about the Openstack-security
mailing list