[Openstack-security] [Bug 1556231] Fix included in openstack/openstack-ansible 11.2.11
Davanum Srinivas (DIMS)
davanum at gmail.com
Fri Mar 18 10:47:22 UTC 2016
This issue was fixed in the openstack/openstack-ansible 11.2.11 release.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1556231
Title:
Rootwrap configuration has incorrect ownership
Status in openstack-ansible:
Fix Committed
Status in openstack-ansible kilo series:
Fix Released
Status in openstack-ansible liberty series:
Fix Committed
Status in openstack-ansible trunk series:
Fix Committed
Bug description:
The /etc/<openstack_service>/rootwrap.conf file and
/etc/<openstack_service>/rootwrap.d directory and its contents created
by the Nova, Neutron, Cinder and Ceilomer playbooks/roles are
incorrectly owned by a user other than root.
This is a security vulnerability inasmuch as it may allow users with
lower privileges to modify the rootwrap configuration and escalate
privileges.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1556231/+subscriptions
More information about the Openstack-security
mailing list