Potential privilege escalation with the default libvirtd TLS config

Bug #1730370 reported by Oliver Walsh
Affects: tripleo
Status: Fix Released
Importance: High
Assigned to: Juan Antonio Osorio Robles

Bug Description

With the default TLS setup, any service with a certificate from the CA will be granted access to libvirtd.

There are a number of options to address this:
- use a different CA just for libvirt access
- filter allowed clients
- enable SASL auth for libvirtd
- disable libvirt TLS
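The four options above map onto a handful of libvirtd.conf keys. What follows is an added example, not code from the bug report or from TripleO: a small Python audit that parses the relevant keys out of a libvirtd.conf, models libvirt's documented behaviour for `auth_tls` and `tls_allowed_dn_list` (the list entries are shell-style wildcards that libvirt compares against the client certificate's subject DN with fnmatch), and shows that with the shipped defaults a certificate the same CA issued to an unrelated service is admitted. The two config samples, the subject DNs and the "horizon" client are constructed for illustration; the parser only handles the single-line `key = value` subset used here.

```python
"""Audit libvirtd.conf TLS settings for the weakness this bug describes.

Added example, not code from the bug report or from TripleO. It models two
documented libvirtd behaviours: with auth_tls = "none" (the default) a client
is granted access as soon as its certificate chains to the CA in ca_file, and
tls_allowed_dn_list entries are shell-style wildcards matched against the
client certificate's subject DN (libvirt uses fnmatch for the comparison).
Chain validation itself is assumed to have succeeded, which is the premise of
the bug. The DN strings below are constructed; in practice take the exact DN
from the client certificate (e.g. certtool -i --infile client-cert.pem), since
it has to match the string libvirtd builds from the cert character for character.
"""
import fnmatch
import re

# Constructed: the effectively-default TLS configuration. The commented-out
# keys are how libvirt ships them.
WEAK_CONF = """\
listen_tls = 1
#auth_tls = "none"
#tls_allowed_dn_list = ["DN1", "DN2"]
"""

# Constructed: the hardened configuration (options 2 and 3 from the report).
HARDENED_CONF = """\
listen_tls = 1
auth_tls = "sasl"
tls_allowed_dn_list = ["C=US,O=example.org,OU=compute,CN=compute-*"]
"""

# Values libvirtd uses when a key is absent. None for the DN list means "no DN
# check at all"; an explicit empty list means "deny everyone" according to the
# libvirtd.conf comments, so the two are kept distinct.
DEFAULTS = {"listen_tls": 1, "auth_tls": "none", "tls_allowed_dn_list": None}

_KV = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$")


def _parse_value(raw):
    """Decode a libvirtd.conf value: ["a", "b"] list, "quoted" string, or integer."""
    if raw.startswith("["):
        return re.findall(r'"([^"]*)"', raw)
    if raw.startswith('"'):
        return raw[1:-1]
    return int(raw)


def parse_libvirtd_conf(text):
    """Minimal parser for the key = value subset used here (lists on one line)."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _KV.match(line)
        if m:
            conf[m.group(1)] = _parse_value(m.group(2))
    return conf


def client_accepted(conf, client_dn, sasl_authenticated=False):
    """Would libvirtd admit a client whose CA-signed cert carries this subject DN?"""
    acl = conf["tls_allowed_dn_list"]
    if acl is not None and not any(fnmatch.fnmatchcase(client_dn, pat) for pat in acl):
        return False               # DN allow-list configured and nothing matched
    if conf["auth_tls"] == "sasl":
        return sasl_authenticated  # TLS only encrypts; SASL supplies the identity
    return True                    # auth_tls = "none": the CA-signed cert alone is the credential


def audit(conf):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    if not conf["listen_tls"]:
        return findings            # option 4 from the report: TLS listener disabled
    if conf["auth_tls"] == "none" and conf["tls_allowed_dn_list"] is None:
        findings.append("any certificate issued by ca_file grants full libvirtd access "
                        "(auth_tls is none and tls_allowed_dn_list is unset)")
    elif conf["auth_tls"] == "none":
        findings.append("access is gated on subject DN only; a matching cert is a full credential")
    if conf["tls_allowed_dn_list"] == []:
        findings.append("tls_allowed_dn_list is an explicit empty list: no client can connect")
    return findings


if __name__ == "__main__":
    # Constructed client: a certificate the same CA issued to a web-tier service.
    horizon_dn = "C=US,O=example.org,OU=web,CN=horizon-0"
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        conf = parse_libvirtd_conf(text)
        print(name, audit(conf) or ["ok"])
        print("  horizon cert admitted:", client_accepted(conf, horizon_dn))
```

Running the script prints one finding for the weak configuration and admits the horizon certificate; for the hardened one the DN check rejects it outright, and even a matching compute-node DN only gets in once SASL has authenticated. Note the DN list on its own is still a "certificate is the credential" design (the audit flags that too), which is why the discussion below argues for SASL on top of it rather than instead of it.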

Revision history for this message
Steven Hardy (shardy) wrote :

Triaged as this is already assigned; we should discuss the plan for merging/backporting before making this public.

Changed in tripleo:
status: New → Triaged
importance: Undecided → High
milestone: none → queens-2
Revision history for this message
Emilien Macchi (emilienm) wrote :

We should reach out to Summer Long <email address hidden> about whether or not an embargo is required on this issue, and whether a CVE is accurate.

Revision history for this message
Emilien Macchi (emilienm) wrote :

IMHO, we should enable SASL auth for libvirtd and filter allowed clients at minimum.
Having a dedicated CA is good, but I think not enough; I like the SASL layer for credentials, which will allow us to have granular authentication and enable PolicyKit, for example.

Revision history for this message
Oliver Walsh (owalsh) wrote :

Do we have puppet support for managing SASL?

Revision history for this message
Oliver Walsh (owalsh) wrote :

BTW we had to drop polkit when we containerized this.

Revision history for this message
Joshua Padman (jpadman) wrote : Re: [Bug 1730370] Re: Potential privilege escalation with the default libvirtd TLS config

Thank you for the add and the info. Summer Long normally takes Director
etc., but Summit!

Cheers,
Josh

On 07/11/17 12:30, Oliver Walsh wrote:
> BTW we had to drop polkit when we containerized this.
>

--
Joshua Padman / Red Hat Product Security

Revision history for this message
Oliver Walsh (owalsh) wrote :
information type: Private Security → Public Security
Changed in tripleo:
status: Triaged → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 8.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 8.0.0.0b2 development milestone.
