← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1365712] Re: Command Execution Possible Through Config File Tampering

 

Right, if you have write access to etc on the box... then all bets are
off.

** Changed in: nova
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1365712

Title:
  Command Execution Possible Through Config File Tampering

Status in OpenStack Compute (Nova):
  Won't Fix
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  New

Bug description:
  The OpenStack Security Group has been reviewing OpenStack code to find potential security vulnerabilities.
  One class of these vulnerabilities is to allow someone with write access to nova.conf to cause code to be executed as the OpenStack user.

  Some details are here:
  https://review.openstack.org/#/c/118910/

  More tracking information is here:
  https://bugs.launchpad.net/nova/+bug/1192971

  This bug is specifically to address the possible vulnerability at
  nova/nova/virt/baremetal/ipmi.py:292

  If a user has write access to nova.conf, he can set
  [baremetal]
  terminal = /bin/foo

  and cause /bin/foo to be executed.

  If a user has write access to nova.conf, he case set

  [baremetal]
  terminal_cert_dir = "; cat /etc/passwd"

  and cause the password file to be written to stdout.

  Some input validation would help correct this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1365712/+subscriptions