MITM vulnerability with XIV driver

Bug #1372643 reported by Matthew Edmonds
Affects                      Status     Importance  Assigned to  Milestone
Cinder                       Invalid    High        Alon Marx    none
  Nominated for Icehouse by Jay Bryant
  Nominated for Juno by Jay Bryant
OpenStack Security Advisory  Won't Fix  Undecided   Unassigned   none

Bug Description

The XIV driver in Juno appears to blindly trust whatever certificate it gets back from the device without any validation. This would leave it open to a MITM attack.

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote :

Thanks for the report! The OSSA task is set to incomplete pending additional details.

@Matthew and @cinder-coresec: Any chance we get this fix for Juno?

Changed in ossa:
status: New → Incomplete
Revision history for this message
Matthew Edmonds (edmondsw) wrote :

I believe Alon is working on the fix for Juno.

Revision history for this message
Jay Bryant (jsbryant) wrote :

@Tristan, I am following up with Alon, but it is possible that this is something that can be fixed without touching the Community Cinder code. So, hopefully we can coordinate things so that it does get into Juno. I will have Alon update here accordingly.

Revision history for this message
Thierry Carrez (ttx) wrote :

Is this Juno-only? Or does it also affect Icehouse?

Revision history for this message
Alon Marx (alonma) wrote :

It is probably relevant also for Icehouse, but I don't think we should address it there.

Revision history for this message
Jeremy Stanley (fungi) wrote :

This looks like another in the vein of bug 1188189 which we've so far considered a security hardening opportunity, no advisory warranted.

information type: Private Security → Public
tags: added: security
Changed in ossa:
status: Incomplete → Won't Fix
Revision history for this message
Robert Clark (robert-clark) wrote :

While this might not need to be embargoed I think it should be taken more seriously. Bug 1188189 was just over a year ago and since then most projects have improved their security. So what we have here is an outlying driver that offers a significantly lower standard of security than the rest of the system.

Revision history for this message
Jeremy Stanley (fungi) wrote :

Granted the position is worth revisiting. Are we to the point where we're ready as a project to declare victory on bug 1188189 now and consider anything else which doesn't encrypt internal communications or fails to validate server certificates (for SSL sockets, SSH, et cetera) a surprise to the community and worth individual security advisories and mandatory stable backports going forward?

Revision history for this message
Alon Marx (alonma) wrote :

I apologise for not updating this issue for a while.

I am working on a solution for this issue in the Juno timeframe. Because we are close to release I am trying to get it to work without making any changes in the open source code. In Kilo I plan an additional value in cinder.conf to indicate the relevant paths, but for now I think we can live with having a wide enough path internally.

Changed in ossa:
assignee: nobody → Alon Marx (alonma)
Jeremy Stanley (fungi)
Changed in cinder:
assignee: nobody → Alon Marx (alonma)
Changed in ossa:
assignee: Alon Marx (alonma) → nobody
Revision history for this message
Jay Bryant (jsbryant) wrote :

Alon, any update on this? Are you going to be able to fix this in the XIV code so that we don't have to try and get anything into Cinder now that Juno has released?

Changed in cinder:
status: New → Triaged
importance: Undecided → High
milestone: none → kilo-1
Jay Bryant (jsbryant)
tags: added: drivers xiv
Revision history for this message
Alon Marx (alonma) wrote :

Hi Jay,
Yes, we have this fixed. The fix is available in our Juno driver.
The fix requires a certificate file to be put in the file system in well-known directories (e.g. /etc/ssl/certs). This means that the user can also set his own certificates if he so wishes (one can set his own certification on the XIV storage).
We still have some work on packaging and documentation ahead of us.
Alon
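The XIV driver itself is closed source, so its code is not on this page. As an added illustration of the two client-side configurations the thread is about, the following Python (the language Cinder and its drivers are written in) shows the pattern the report describes, a TLS client that accepts any certificate, beside the hardened form that requires a chain to a trusted CA and checks the hostname, with the CA bundle located in one of the well-known system directories or supplied explicitly (the equivalent of the cinder.conf path Alon mentions for Kilo). The candidate paths, the function names and the `cafile` parameter are assumptions for this example, not something the driver is documented to use.

```python
"""Added example: vulnerable vs. verified TLS client contexts (not the XIV driver's code)."""
import os
import socket
import ssl
from typing import Optional, Sequence

# Assumed search order for a system CA bundle. These are conventional locations
# on common distributions; they are not paths the XIV driver is documented to use.
DEFAULT_CA_CANDIDATES: Sequence[str] = (
    "/etc/ssl/certs/ca-certificates.crt",  # Debian/Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL/CentOS/Fedora
    "/etc/ssl/cert.pem",                   # Alpine, BSD-style layouts
)


def find_ca_bundle(candidates: Sequence[str] = DEFAULT_CA_CANDIDATES) -> Optional[str]:
    """Return the first existing CA bundle from the well-known locations, or None."""
    for path in candidates:
        if os.path.isfile(path):
            return path
    return None


def vulnerable_context() -> ssl.SSLContext:
    """The pattern the bug report describes: the handshake still encrypts, but
    no chain is verified and no hostname is checked, so any certificate an
    on-path attacker presents is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verified client context: CERT_REQUIRED plus hostname checking.

    cafile is an assumed operator-supplied override (the user's own CA for a
    self-signed storage certificate); otherwise the system bundle is used.
    Both settings matter: CERT_REQUIRED without check_hostname would accept
    any certificate a trusted CA issued for some other name.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    if cafile is None:
        cafile = find_ca_bundle()
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise what a context will actually enforce, for review or logging."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
    }


def fetch_peer_cert(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> dict:
    """Open a TLS connection and return the peer certificate as a dict.

    With hardened_context() an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError before any application data is sent; with
    vulnerable_context() the call succeeds and getpeercert() returns {} because
    nothing was verified.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("vulnerable:", describe(vulnerable_context()))
    print("hardened:  ", describe(hardened_context()))
    print("CA bundle: ", find_ca_bundle())
```

The `describe()` summary is the check a reviewer wants from any driver that talks TLS to a storage controller: both flags must be true, and a configuration option that lets operators point at their own CA file (as the thread proposes for Kilo) avoids the temptation to disable verification when the device ships with a self-signed certificate.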

Revision history for this message
Jay Bryant (jsbryant) wrote :

Excellent news. Thanks Alon!

Revision history for this message
Mike Perez (thingee) wrote :

Alon, which commit in particular makes this available in Juno?

Revision history for this message
Alon Marx (alonma) wrote :

The fix is in the closed source driver, so there is no specific commit in Juno code.

Mike Perez (thingee)
Changed in cinder:
status: Triaged → Invalid
Mike Perez (thingee)
Changed in cinder:
milestone: kilo-1 → none