[SRU] Azure Datasource writes user password in plain text
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Unassigned | ||
Utopic |
Fix Released
|
High
|
Unassigned | ||
Vivid |
Fix Released
|
High
|
Unassigned |
Bug Description
SRU Justification
[IMPACT] When provisioning a virtual machine on Azure, a user password may be provided. Cloud-init retrieves the password via ovf-env.xml (stored on a CDROM) which is then written to /var/lib/
While the password is stored in plain text on disk, the password is _NOT_ accessible to a non-privelaged user. Both the directory and the file
itself are read-only:
$ stat /var/lib/waagent/
File: ‘/var/lib/waagent/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2532 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:11.341805500 +0000
Change: 2015-04-13 11:44:11.341805500 +0000
Birth: -
$ sudo stat /var/lib/
File: ‘/var/lib/
Size: 1633 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 2556 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:08.021992200 +0000
Change: 2015-04-13 11:44:08.021992200 +0000
Birth: -
[GUIDANCE STATEMENT] Canonical's guidance on this matter is that any password provided by a fabric is inherently insecure; users should leverage SSH keys.
[Regression Potential] As this is a backport of the 15.10 Datasource, there is a medium regression potential. The 15.10 Datasource fixes a number of Azure provisioning bugs and is thus desirable.
The updated Datasource includes additional automated testing to confirm code quality.
[TEST Case 1] Upgrade from proposed
1. Install cloud-init from -proposed
2. Shutdown and capture VM
3. Launch captured VM
4. Confirm that the user password is set to "REDACTED" in /var/lib/
[TEST Case 2] New build from proposed
1. Build image from proposed
2. Launch new VM
3. Confirm that the user password is set to "REDACTED" in /var/lib/
description: | updated |
tags: | added: patch |
Changed in cloud-init (Ubuntu Vivid): | |
importance: | Undecided → High |
Changed in cloud-init (Ubuntu Utopic): | |
importance: | Undecided → High |
Changed in cloud-init (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in cloud-init (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in cloud-init (Ubuntu Vivid): | |
status: | New → Fix Released |
assignee: | nobody → Ben Howard (utlemming) |
Changed in cloud-init (Ubuntu Utopic): | |
assignee: | nobody → Ben Howard (utlemming) |
Changed in cloud-init (Ubuntu Trusty): | |
assignee: | nobody → Ben Howard (utlemming) |
Changed in cloud-init (Ubuntu Precise): | |
assignee: | nobody → Ben Howard (utlemming) |
summary: |
- Azure Datasource writes user password in plain text + [SRU] Azure Datasource writes user password in plain text |
Changed in cloud-init (Ubuntu): | |
status: | Triaged → Fix Released |
Changed in cloud-init (Ubuntu Vivid): | |
status: | Fix Released → In Progress |
Changed in cloud-init (Ubuntu): | |
status: | Fix Released → Triaged |
Changed in cloud-init (Ubuntu): | |
status: | Fix Released → Fix Committed |
Changed in cloud-init (Ubuntu): | |
status: | Fix Committed → Fix Released |
Patch in Cloud-init REV 1109.