Guest Agent - potential shell injection
Bug #1606407 reported by Tim Suter
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack DBaaS (Trove) | Expired | Undecided | Unassigned | |
| OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
In Trove's guest agent backup it appears that unencrypted data is simply piped into openssl for encryption.
- If the string substitution for -pass: is not correctly handled during shell escaping, this could lead to shell injection. The safest method is to remove substitution completely.
I recommend using Python's native ssl module (import ssl; its methods are bindings to the system SSL libraries, usually OpenSSL).
Acknowledgments:
Travis Scheponik <email address hidden>
Changed in ossa:
status: New → Incomplete
description: updated
Potential shell injection example, i.e.:
```
-pass: derp;cat /etc/passwd
-pass: derp&cat /etc/passwd
```
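The following is an added illustration, not Trove's guest agent code and not part of the original report. It places the pattern the description warns about (a passphrase substituted into a single command string that a shell later interprets) next to a hardened form (an argv list run without a shell, with the passphrase delivered through openssl's `-pass env:VAR` source so it never touches the shell and does not appear on the command line), and adds a small check that tokenises the unsafe string the way a POSIX shell would and flags any control operator it contains. The `BACKUP_PASSPHRASE` variable name, the function names and the `hunter2` sample value are assumptions; the other two sample values are the strings from the attached example. Tokenisation relies on `shlex` `punctuation_chars` together with `whitespace_split`, which behave as used here on Python 3.8 and later.

```python
"""Added example (not Trove's code): unsafe shell-string construction beside a
shell-free argv form, plus a check that flags passphrases a shell would split
into extra commands."""
import os
import shlex
import subprocess

# Constructed sample inputs; the last two are the strings from the attached example.
SAMPLE_PASSPHRASES = ["hunter2", "derp;cat /etc/passwd", "derp&cat /etc/passwd"]

# Tokens a POSIX shell treats as control operators or redirections.
SHELL_CONTROL = {";", "&", "&&", "|", "||", "(", ")", "<", ">", ">>", "<<", "<<<"}


def build_cmd_unsafe(passphrase):
    """Hypothetical vulnerable pattern: the passphrase is formatted straight into
    one string that is later handed to a shell (e.g. shell=True). Any shell
    metacharacter in the passphrase becomes shell syntax."""
    return "openssl enc -aes-256-cbc -salt -pass pass:%s" % passphrase


def build_cmd_argv(passphrase):
    """Hardened pattern: an argv list, no shell. The passphrase is passed in the
    environment and referenced with openssl's '-pass env:VAR' source, so it is a
    single opaque value whatever characters it contains and is not visible in the
    process list. BACKUP_PASSPHRASE is an assumed variable name."""
    argv = ["openssl", "enc", "-aes-256-cbc", "-salt", "-pass", "env:BACKUP_PASSPHRASE"]
    env = dict(os.environ, BACKUP_PASSPHRASE=passphrase)
    return argv, env


def shell_tokens(cmd):
    """Tokenise a command string roughly as a POSIX shell would, keeping control
    operators such as ';' and '&' as separate tokens (Python 3.8+ shlex)."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def would_inject(passphrase):
    """True if substituting this passphrase into the unsafe command string yields
    a token the shell would treat as a command separator or redirection."""
    return any(tok in SHELL_CONTROL for tok in shell_tokens(build_cmd_unsafe(passphrase)))


def encrypt_with_openssl(plaintext, passphrase):
    """Run the hardened command (needs the openssl binary on PATH). The passphrase
    reaches openssl only via the environment, never via a shell."""
    argv, env = build_cmd_argv(passphrase)
    proc = subprocess.run(argv, input=plaintext, env=env, capture_output=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    for p in SAMPLE_PASSPHRASES:
        print("%-25r -> tokens %s, would_inject=%s"
              % (p, shell_tokens(build_cmd_unsafe(p)), would_inject(p)))
```

Running the module prints, for each sample passphrase, how a shell would split the unsafe string; only the first sample stays a single `pass:...` token, while the two from the attachment produce a separate `cat /etc/passwd` command. The `would_inject` check is useful as a regression test for code that still builds command strings, but the real fix is the argv form: once no shell is involved there is nothing to escape.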