yahoo-eng-team team mailing list archive
Message #72928
[Bug 1771538] [NEW] PowerVM config drive path is not secure
Public bug reported:
This report is based on the Bandit scanner results and code review.
1)
On https://git.openstack.org/cgit/openstack/nova/tree/nova/virt/powervm/media.py?h=refs/heads/master#n44
43 _VOPT_SIZE_GB = 1
44 _VOPT_TMPDIR = '/tmp/cfgdrv/'
45
We have a hardcoded tmp dir that could be cleaned up after a compute node reboot.
As mentioned in the TODO, it might be good to use a conf option.
2)
On https://git.openstack.org/cgit/openstack/nova/tree/nova/virt/powervm/media.py?h=refs/heads/master#n116
A predictable file name based on user input is used:
116 file_name = pvm_util.sanitize_file_name_for_api(
117 instance.name, prefix='cfg_', suffix='.iso',
118 max_len=pvm_const.MaxLen.VOPT_NAME)
Probably we could use instance.uuid for that.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1771538
Title:
PowerVM config drive path is not secure
Status in OpenStack Compute (nova):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1771538/+subscriptions
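The two findings above, illustrated as an added example that is not nova's or pypowervm's code: `_sanitize` is a hypothetical stand-in for `pvm_util.sanitize_file_name_for_api`, `VOPT_NAME_MAX_LEN` is an assumed limit rather than `pvm_const.MaxLen.VOPT_NAME`, the instance records are constructed, and the `base_dir` argument stands in for the configuration option the report proposes instead of the fixed `/tmp/cfgdrv/`. It shows why a name-derived ISO file name collides (nova permits two instances in a project to share a display name) while a UUID-derived one does not, and how to stage the file in a private, unpredictable directory.

```python
import os
import re
import stat
import tempfile
import uuid

# Constructed stand-ins for nova instance objects.  Nova allows two instances
# in the same project to share a display name, so both records are legal input.
INSTANCES = [
    {"name": "web-01", "uuid": "0f6a1cc4-5e7b-4c1a-9a6b-0d7b4e6e9a11"},
    {"name": "web-01", "uuid": "a2b7d9e1-3c44-4f0e-8a9c-6c5d2e1f0b22"},
]

# Assumed length limit; pypowervm's real MaxLen.VOPT_NAME is not used here.
VOPT_NAME_MAX_LEN = 79


def _sanitize(name, prefix, suffix, max_len):
    """Hypothetical stand-in for sanitize_file_name_for_api: keep only
    [A-Za-z0-9_.-] and trim so prefix + body + suffix fits within max_len."""
    body = re.sub(r"[^A-Za-z0-9_.-]", "_", name)
    room = max_len - len(prefix) - len(suffix)
    return prefix + body[:room] + suffix


def name_based_file_name(instance):
    # The pattern the report flags: derived from the user-chosen instance name.
    return _sanitize(instance["name"], "cfg_", ".iso", VOPT_NAME_MAX_LEN)


def uuid_based_file_name(instance):
    # The report's suggestion: derive the name from the server-assigned UUID.
    # Parsing it as a UUID guarantees no user-controlled text reaches the path.
    uid = uuid.UUID(instance["uuid"])
    return _sanitize(str(uid), "cfg_", ".iso", VOPT_NAME_MAX_LEN)


def collisions(file_name_func, instances):
    """Return the set of file names that more than one instance maps to."""
    seen, dup = set(), set()
    for inst in instances:
        fn = file_name_func(inst)
        if fn in seen:
            dup.add(fn)
        seen.add(fn)
    return dup


def is_private_dir(path):
    """True if path is a directory we own that other users cannot enter."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        return False
    return not (stat.S_IMODE(st.st_mode) & 0o077)


def private_cfgdrive_dir(base_dir=None):
    """Create a per-use staging directory instead of a fixed /tmp/cfgdrv/.

    base_dir stands in for the proposed configuration option; when unset we
    fall back to the system temp dir.  mkdtemp creates the directory with mode
    0700 and an unpredictable name, so another local user cannot pre-create or
    symlink the path beforehand.  The check afterwards guards against a base
    directory that was itself tampered with.
    """
    path = tempfile.mkdtemp(prefix="cfgdrv-", dir=base_dir)
    if not is_private_dir(path):
        raise RuntimeError("config drive staging dir is not private: %s" % path)
    return path


def stage_iso_path(instance, base_dir=None):
    """Full path at which this instance's config drive ISO would be written."""
    return os.path.join(private_cfgdrive_dir(base_dir), uuid_based_file_name(instance))


if __name__ == "__main__":
    print("name-based collisions:", collisions(name_based_file_name, INSTANCES))
    print("uuid-based collisions:", collisions(uuid_based_file_name, INSTANCES))
    print("staged path:", stage_iso_path(INSTANCES[0]))
```

Pointing `base_dir` at a persistent, operator-owned location (for example under the compute node's state directory) also addresses the reboot-cleanup concern in finding 1, since the system temp directory is typically wiped at boot while a configured state directory is not.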