Symlink attack with signing_dir = /tmp/keystone-signing-nova
Bug #1233305 reported by Thomas Goirand
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack DBaaS (Trove) | Fix Released | Critical | Michael Basnight | 
Bug Description
Hi,
Having such a thing in the default configuration file:
signing_dir = /tmp/keystone-
was the origin of a CVE in Nova. I would strongly suggest not using known filenames in /tmp, which are vectors of symlink attacks (and no, the kernel in Wheezy and Precise doesn't have the feature to stop it; that's only in 3.8, IIRC).
The best way to fix it is to use something in the home folder of the package, for example in /var/lib/trove.
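As an added illustration of the reporter's point (example code, not Trove's or Nova's own): a Python check that refuses a signing_dir whose parent is world-writable, that is a symlink rather than a real directory, or that is not owned and private to the running user, plus a creation helper that never adopts an entry it did not make. The function names and the scratch-directory scenarios in demo() are constructed for this example.

```python
import os
import stat
import tempfile


def check_signing_dir(path):
    """Return the problems that make `path` unsafe as a signing_dir ([] if none).
    Encodes the bug report's reasoning: a predictable name under a world-writable
    directory such as /tmp can already be occupied by a symlink when we arrive."""
    problems = []
    parent = os.path.dirname(os.path.abspath(path.rstrip("/"))) or "/"
    if os.stat(parent).st_mode & stat.S_IWOTH:
        problems.append("parent %s is world-writable" % parent)
    try:
        st = os.lstat(path)  # lstat: never follow the final component
    except FileNotFoundError:
        return problems  # does not exist yet; create_signing_dir() may make it
    if stat.S_ISLNK(st.st_mode):
        problems.append("%s is a symlink to %s" % (path, os.readlink(path)))
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("%s is not a directory" % path)
    else:
        if st.st_uid != os.geteuid():
            problems.append("%s is owned by uid %d, not us" % (path, st.st_uid))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("%s is group- or world-accessible" % path)
    return problems


def create_signing_dir(path):
    """Create the directory ourselves with mode 0700. mkdir raises FileExistsError
    if a directory or symlink already sits at the name, so nothing is adopted."""
    os.mkdir(path, 0o700)
    return path


def demo():
    """Constructed scenarios in a scratch directory (sample input, not from the
    bug report): a private /var/lib-style parent versus a /tmp-style parent."""
    base = tempfile.mkdtemp()
    private = os.path.join(base, "private")
    os.mkdir(private, 0o700)
    good = create_signing_dir(os.path.join(private, "keystone-signing-nova"))
    shared = os.path.join(base, "tmp")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)  # like /tmp: sticky bit, but world-writable
    planted = os.path.join(shared, "keystone-signing-nova")
    os.symlink(private, planted)  # a symlink already present at the known name
    return {"private": check_signing_dir(good), "tmp_symlink": check_signing_dir(planted)}
```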
Changed in trove:
status: New → Confirmed
importance: Undecided → Critical
tags: added: havana-rc-potential

Changed in trove:
milestone: havana-rc2 → 2013.2
Fix proposed to branch: master
Review: https://review.openstack.org/49276