[Openstack-security] [Bug 1556231] Fix included in openstack/openstack-ansible 12.0.8

Doug Hellmann doug at doughellmann.com
Fri Mar 18 12:47:33 UTC 2016


This issue was fixed in the openstack/openstack-ansible 12.0.8 release.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1556231

Title:
  Rootwrap configuration has incorrect ownership

Status in openstack-ansible:
  Fix Committed
Status in openstack-ansible kilo series:
  Fix Released
Status in openstack-ansible liberty series:
  Fix Released
Status in openstack-ansible trunk series:
  Fix Committed

Bug description:
  The /etc/<openstack_service>/rootwrap.conf file and
  /etc/<openstack_service>/rootwrap.d directory and its contents created
  by the Nova, Neutron, Cinder and Ceilomer playbooks/roles are
  incorrectly owned by a user other than root.

  This is a security vulnerability inasmuch as it may allow users with
  lower privileges to modify the rootwrap configuration and escalate
  privileges.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1556231/+subscriptions




More information about the Openstack-security mailing list