[Openstack-security] [Bug 1556231] Fix merged to openstack-ansible (kilo)

OpenStack Infra 1556231 at bugs.launchpad.net
Fri Mar 11 21:20:00 UTC 2016


Reviewed:  https://review.openstack.org/291868
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=3c54d097ab8549c6b275351255606b452d71f252
Submitter: Jenkins
Branch:    kilo

commit 3c54d097ab8549c6b275351255606b452d71f252
Author: Travis Truman <travis_truman at cable.comcast.com>
Date:   Fri Mar 11 13:42:00 2016 -0500

    rootwrap configuration must be owned by root
    
    See https://wiki.openstack.org/wiki/Rootwrap#Security_model
    for details
    
    Backport of changes:
     * I5b4354f6cc834bae2ba8962b5a283831d7ff9e4f
     * I2f45cc628fef706cae323840bf65645a61a26b6d
     * I349cafcef8e897db6e8e94e47aa6f55ae20f6f82
     * I0a31173cf96b6e1bf4c19bee95702aae0c04042c
    
    Change-Id: Id72ed598bbd0b6546e8cb0eb5b45ded607ed90e9
    Closes-Bug: #1556231

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1556231

Title:
  Rootwrap configuration has incorrect ownership

Status in openstack-ansible:
  Fix Committed
Status in openstack-ansible kilo series:
  Fix Committed
Status in openstack-ansible liberty series:
  Fix Committed
Status in openstack-ansible trunk series:
  Fix Committed

Bug description:
  The /etc/<openstack_service>/rootwrap.conf file and
  /etc/<openstack_service>/rootwrap.d directory and its contents created
  by the Nova, Neutron, Cinder and Ceilomer playbooks/roles are
  incorrectly owned by a user other than root.

  This is a security vulnerability inasmuch as it may allow users with
  lower privileges to modify the rootwrap configuration and escalate
  privileges.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1556231/+subscriptions




More information about the Openstack-security mailing list