Init scripts for use on cloud images

Please use yaml.safe_load

Reported by Tv on 2012-06-20
Affects: cloud-init
Importance: Medium
Assigned to: Scott Moser

Bug Description

yaml.load allows arbitrary code execution, just like Python pickle. Please use yaml.safe_load for all input.

http://docs.python.org/library/pickle
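
As an added illustration (not part of the original report and not cloud-init's own code): the sketch below shows `yaml.safe_load` refusing a Python-specific tag, plus a scan of parser events that flags such tags without constructing any object. It assumes PyYAML is installed; the function names and both sample documents are constructed for this example.

```python
import yaml

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not taken from cloud-init or the bug report).
PLAIN_CONFIG = """\
#cloud-config
packages:
  - htop
runcmd:
  - [ls, -l, /]
"""

TAGGED_CONFIG = """\
#cloud-config
packages: !!python/object/apply:os.getcwd []
"""


def python_tags(text):
    """Return Python-specific tags found in text without constructing objects."""
    found = []
    # yaml.parse only emits parser events; no constructor is ever invoked.
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            found.append(tag)
    return found


def load_config(text):
    """Load YAML with safe_load; return (data, error message or None)."""
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:
        # safe_load has no constructor for python/* tags, so it raises here.
        return None, str(exc)


if __name__ == "__main__":
    for name, doc in (("plain", PLAIN_CONFIG), ("tagged", TAGGED_CONFIG)):
        data, err = load_config(doc)
        print(name, "tags:", python_tags(doc))
        print(name, "loaded:", data, "error:", err)
```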

Scott Moser (smoser) wrote :

I generally agree that it's a good idea to use the safe_load as we're not expecting to execute code.

However, anything input in user-data or other config has the opportunity by design to cause code execution. I.e., you can add part-handlers, boothooks or runcmd.

Is there somewhere specific where cloud-init is doing a yaml.load on untrusted input?

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Scott Moser (smoser)

Tv (tv42) wrote :

I don't see anything exploitable there (or I'd have filed a security), it just makes me uncomfortable and doubt other aspects of the design. Let's call it a code smell. I see a lot of promise in cloud-init, but at the same time it's.. quite messy and sprawling.

On Thu, 21 Jun 2012, Tv wrote:

> I don't see anything exploitable there (or I'd have filed a security),
> it just makes me uncomfortable and doubt other aspects of the design.
> Let's call it a code smell. I see a lot of promise in cloud-init, but at
> the same time it's.. quite messy and sprawling.

Thanks for being honest. :)
I'll commit the safe_load change.

Josh Harlow has been working on cleaning some of the messy/sprawling up.
https://code.launchpad.net/~cloud-init/cloud-init/rework

Any/all input on the changes there is welcome. Ping me in IRC, or join
the cloud-init team in Launchpad.

Thanks for the input.

Scott Moser (smoser) wrote :

fixed in revno 562.

Changed in cloud-init:
status: Triaged → Fix Committed

Joshua Harlow (harlowja) wrote :

Please ask me any questions as well. I have tried to clean it up, organize it into stages, add some goodness and all that.

I added a description @ https://code.launchpad.net/~cloud-init/cloud-init/rework of some of the work done there.

Feel free to check it out. I'll fix this one line in the rework to use the safe load as well.

Scott Moser (smoser) on 2012-10-01
Changed in cloud-init:
status: Fix Committed → Fix Released