Un-sanitized eval statement in EMC volume driver
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Invalid | Low | Xing Yang | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
In the EMC volume driver, the function _find_lun calls eval on a string without doing any kind of input sanitization:
https:/
I haven't tracked down all the ways that "provider_location" can be set, but if an attacker is able to be set to something like "__import_
Maybe somebody more familiar with Cinder and what "provider_location" does can chime in on whether it can be set to something malicious or not, and if so, how difficult that is.
Eval should never be called on un-sanitized or untrusted input.
If we are sure that there is no way for a malicious user to set this parameter, it can be made public, and should be viewed as a security hardening improvement.
Changed in ossa:
status: New → Incomplete
Changed in cinder:
assignee: nobody → Xing Yang (xing-yang)
information type: Public Security → Public
Changed in ossa:
status: Incomplete → Won't Fix
Changed in cinder:
status: In Progress → Triaged
tags: added: drivers emc
Was submitted as public bug on the duplicate.
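The hardening the report asks for, as an added example that is not part of the original report or of the Cinder code base: parse the stored string with `ast.literal_eval` and validate its shape instead of calling `eval`. It assumes "provider_location" holds a Python dict literal rendered as a string (the page does not show the format); the function names, sample values and size limit are hypothetical.

```python
import ast

MAX_LEN = 4096  # assumed upper bound; a location record should be small
# Constructed sample values, not taken from the Cinder code base.
GOOD = "{'classname': 'Example_StorageVolume', 'keybindings': {'DeviceID': '42'}}"
CALL_EXPR = "sum([1, 2])"  # harmless stand-in for any expression that runs code


class InvalidProviderLocation(ValueError):
    """Raised when the stored string is not a plain dict literal."""


def _check_value(value):
    # Allow only str/int leaves and nested dicts with string keys.
    if isinstance(value, dict):
        for key, item in value.items():
            if not isinstance(key, str):
                raise InvalidProviderLocation("non-string key")
            _check_value(item)
    elif isinstance(value, bool) or not isinstance(value, (str, int)):
        raise InvalidProviderLocation("unexpected type %s" % type(value).__name__)


def parse_provider_location(raw):
    """Hypothetical replacement for eval(provider_location)."""
    if not isinstance(raw, str) or len(raw) > MAX_LEN:
        raise InvalidProviderLocation("missing or oversized value")
    try:
        # literal_eval accepts only literals: no names, calls or attribute access.
        parsed = ast.literal_eval(raw)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise InvalidProviderLocation("not a literal: %s" % exc) from exc
    if not isinstance(parsed, dict):
        raise InvalidProviderLocation("expected a dict")
    _check_value(parsed)
    return parsed


def unsafe_parse(raw):
    return eval(raw)  # the pattern from the report: evaluates any expression


if __name__ == "__main__":
    print("eval result:", unsafe_parse(CALL_EXPR))
    for sample in (GOOD, CALL_EXPR):
        try:
            print("accepted:", parse_provider_location(sample))
        except InvalidProviderLocation as exc:
            print("rejected:", exc)
```

The length cap matters because `ast.literal_eval` can still exhaust memory or the C stack on very large or deeply nested input, so it is a parser for trusted-size data, not a sandbox.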