yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1919188] [NEW] cloud-init: checking cmdline for ip= is too broad

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: James Falcon <1919188@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Mar 2021 18:50:05 -0000
Reply-to: Bug 1919188 <1919188@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

klibc initramfs in debian (and I think Ubunutu as well) allows the
'iscsi_target_ip=' cmdline parameter to specify an iscsi device
attachment. The cloud-init code to check "whether this system has klibc
initramfs network config or not" checks if the 'ip=' string is present
in the cmdline. The python code to do this (https://github.com/canonical
/cloud-init/blob/master/cloudinit/net/cmdline.py#L75) will match any
parameter in the cmdline that contains 'ip='. For iSCSI volumes, the
code still works (by accident?) because the next line checks for an
open-iscsi interface file, which should exist if we are using iSCSI.

However, it raises the possibility that there are other commandline
parameters being used out in the wild that contain 'ip=' that may
erroneously be marked by cloud-init as specifying an initramfs network
config option. An example fix would be using a regular expression to
check that either whitespace or beginning of the line precedes 'ip'.

** Affects: cloud-init
     Importance: Medium
     Assignee: James Falcon (falcojr)
         Status: Confirmed

** Changed in: cloud-init
       Status: New => Confirmed

** Changed in: cloud-init
   Importance: Undecided => Medium

** Changed in: cloud-init
     Assignee: (unassigned) => James Falcon (falcojr)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1919188

Title:
  cloud-init: checking cmdline for ip= is too broad

Status in cloud-init:
  Confirmed

Bug description:
  klibc initramfs in debian (and I think Ubunutu as well) allows the
  'iscsi_target_ip=' cmdline parameter to specify an iscsi device
  attachment. The cloud-init code to check "whether this system has
  klibc initramfs network config or not" checks if the 'ip=' string is
  present in the cmdline. The python code to do this
  (https://github.com/canonical/cloud-
  init/blob/master/cloudinit/net/cmdline.py#L75) will match any
  parameter in the cmdline that contains 'ip='. For iSCSI volumes, the
  code still works (by accident?) because the next line checks for an
  open-iscsi interface file, which should exist if we are using iSCSI.

  However, it raises the possibility that there are other commandline
  parameters being used out in the wild that contain 'ip=' that may
  erroneously be marked by cloud-init as specifying an initramfs network
  config option. An example fix would be using a regular expression to
  check that either whitespace or beginning of the line precedes 'ip'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1919188/+subscriptions

Follow ups

[Bug 1919188] Re: cloud-init: checking cmdline for ip= is too broad
From: James Falcon, 2021-05-05