openstack team mailing list archive

Thread
Date

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

To: Eric Windisch <eric@xxxxxxxxxxxxxxxx>
From: Michael Still <michael.still@xxxxxxxxxxxxx>
Date: Wed, 08 Aug 2012 17:22:00 +1000
Cc: Thierry Carrez <thierry@xxxxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CALnZm-ZM4a_q8wZUwNwiA_=r6icGtWvt+y8ADiUDFyK8r5GBiA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120714 Thunderbird/14.0

On 08/08/12 14:33, Eric Windisch wrote:

> The solution here may be to use libguestfs, which seems to be a modern
> alternative to mtools, but to use it as a non-privileged user and to
> forego any illusions of mounting the filesystem anywhere via the kernel
> or FUSE.

Looking at the docs for the libguestfs python bindings, I think it
provides everything I need for config drive out of the box, so that's
certainly an option...

Mikal

References

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Thierry Carrez, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Michael Still, 2012-08-08
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Pádraig Brady, 2012-08-08
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Michael Still, 2012-08-08
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-08