yahoo-eng-team team mailing list archive

[Bug 1031311] Re: [OSSA 2012-011] CVE-2012-3361 not fully addressed

 

** No longer affects: nova/diablo

-- 
https://bugs.launchpad.net/bugs/1031311

Title:
  [OSSA 2012-011] CVE-2012-3361 not fully addressed

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) essex series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “nova” package in Ubuntu:
  Fix Released
Status in “nova” source package in Precise:
  Fix Released

Bug description:
  Unfortunately the patches released for bug 1015531 didn't consider
  permissions in the guest.

  If there is a root-only readable directory in the guest containing the dodgy symlinks, then they will not be detected by _join_and_check_path_within_fs() because it runs as the nova user.
  Therefore the equivalent of this function needs to run as the root user.

  Folsom patch attached.
  Diablo & Essex versions would need readlink added to rootwrap.

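The blind spot described in the bug, as an added example (not Nova's code and not the attached patch): `naive_check` resolves symlinks with whatever the calling user may read, so a link inside an unreadable directory goes unseen, while `strict_check` is a hypothetical variant that refuses to approve a path when a component cannot be inspected. The function names and the sample tree are constructed for illustration; the fix proposed in the report is instead to run the resolution as root.

```python
import os
import tempfile

def _require_inside(fs, path):
    if not (path + os.sep).startswith(fs + os.sep):
        raise ValueError("path escapes guest filesystem")
    return path

def naive_check(fs, *parts):
    """Resolve with whatever the caller may read, then test containment."""
    fs = os.path.realpath(fs)
    return _require_inside(fs, os.path.realpath(os.path.join(fs, *parts)))

def strict_check(fs, *parts, max_links=40):
    """Same test, but raise PermissionError on a component it cannot inspect."""
    cur = fs = os.path.realpath(fs)
    todo = [c for p in parts for c in p.split(os.sep) if c not in ("", ".")]
    while todo:
        name = todo.pop(0)
        cand = os.path.dirname(cur) if name == ".." else os.path.join(cur, name)
        try:
            target = os.readlink(cand)
        except PermissionError:
            raise  # cannot tell whether this is a symlink: do not approve
        except OSError:  # not a symlink, or does not exist yet
            cur = cand
            continue
        if (max_links := max_links - 1) < 0:
            raise ValueError("too many symlinks")
        cur = os.sep if os.path.isabs(target) else cur
        todo = [c for c in target.split(os.sep) if c not in ("", ".")] + todo
    return _require_inside(fs, cur)

def demo():
    """Constructed tree: guest/private (mode 000) holds link -> <top>/outside."""
    with tempfile.TemporaryDirectory() as top:
        private = os.path.join(top, "guest", "private")
        os.makedirs(private)
        os.symlink(os.path.join(top, "outside"), os.path.join(private, "link"))
        os.chmod(private, 0)
        out = {}
        for check in (naive_check, strict_check):
            try:
                check(os.path.join(top, "guest"), "private/link/authorized_keys")
                out[check.__name__] = "accepted"
            except (ValueError, PermissionError) as exc:
                out[check.__name__] = type(exc).__name__
        os.chmod(private, 0o700)  # restore so the temp dir can be removed
        return out
```

Run as an unprivileged user, `demo()` reports the naive check accepting the path and the strict check raising `PermissionError`; run as root, both see the link and raise `ValueError`.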