Files in Scality driver are created world readable/writable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Won't Fix | Low | Unassigned | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
On this line in the Scality driver: https:/
- volume creation: https:/
- snapshot creation: https:/
- volume extension: https:/
While it's possible that these files are supposed to be created in a directory which is protected, files should always be restricted according to the principle of least privilege. If these files are created in a directory without restricted permissions, any user on the system can tamper with these volumes and snapshots.
information type: Private Security → Public
tags: added: security
Changed in ossa:
status: Incomplete → Won't Fix
tags: added: drivers scality
Changed in cinder:
importance: Undecided → Low
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
Can cinder-coresec please confirm if the parent directory protects the overly permissive file permission?
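The report and the question above turn on two separate facts: the mode bits on the volume file itself, and whether a parent directory blocks other users from reaching it. The following is an added example, not code from Cinder or the Scality driver, that creates a file with owner-only permissions and reports both facts for an existing file. The function names, the `top` parameter (the directory to stop walking at, for example the storage mount point) and the `0o666` sample mode are assumptions made for illustration; the check looks only at the classic "other" permission bits and ignores ACLs and group membership.

```python
import os
import stat
import tempfile


def create_restricted(path, size=0):
    """Create a sparse file that only its owner can read or write."""
    # O_EXCL refuses to reuse a file someone else pre-created at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)   # explicit mode, independent of the umask
        os.ftruncate(fd, size)
    finally:
        os.close(fd)


def exposure(path, top=os.sep):
    """Return (other_bits, reachable).

    other_bits: the r/w/x bits granted to 'other' on the file itself.
    reachable:  True if every directory from the file's parent up to
                `top` grants 'other' search permission (o+x).
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    other_bits = stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO
    parent = os.path.dirname(path)
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return other_bits, False   # a protected ancestor blocks access
        if parent == top or parent == os.path.dirname(parent):
            return other_bits, True
        parent = os.path.dirname(parent)


if __name__ == "__main__":
    base = tempfile.mkdtemp()                    # created with mode 0o700
    loose = os.path.join(base, "volume-loose")   # constructed sample file
    open(loose, "w").close()
    os.chmod(loose, 0o666)                       # world readable/writable
    print(exposure(loose, top=base))             # parent 0o700 shields it
    os.chmod(base, 0o755)                        # parent no longer protects
    print(exposure(loose, top=base))
    safe = os.path.join(base, "volume-safe")
    create_restricted(safe, 1024)
    print(exposure(safe, top=base))              # no 'other' bits at all
```

A file that reports non-zero `other_bits` is safe only for as long as `reachable` stays false, which is why restricting the file mode at creation is the more robust fix.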