glance/common/ find_config_file() loads config files from "."

Bug #828719 reported by Dave Walker on 2011-08-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Adam Gandelman
glance (Ubuntu)
Adam Gandelman

Bug Description

As discovered by Kees Cook on bug #801299

"glance/common/ find_config_file() should not load config files from "." (e.g. imagine doing "sudo apt-get install glace" from /tmp and being surprised that ./glance-registry.conf gets loaded during the postinst, writing to arbitrary locations for SQL and logs)"

This implies that find_config_files() needs to be smarter in it's logic, or at least take parameters which overrides/disables this behaviour.


Related branches

Dave Walker (davewalker) on 2011-08-18
Changed in glance (Ubuntu):
milestone: none → ubuntu-11.10-beta-1
status: New → Confirmed
tags: added: server-o-rs
Changed in glance:
assignee: nobody → Adam Gandelman (gandelman-a)
status: New → In Progress
Changed in glance:
status: In Progress → Fix Committed
Martin Pitt (pitti) on 2011-08-31
Changed in glance (Ubuntu):
milestone: ubuntu-11.10-beta-1 → ubuntu-11.10-beta-2
Adam Gandelman (gandelman-a) wrote :

Resubmitted via the new gerrit review system:,374

Jay Pipes (jaypipes) on 2011-09-02
Changed in glance:
milestone: none → diablo-rbp
importance: Undecided → Low

Submitter: Jenkins
Branch: master

 status fixcommitted

commit 706a53396c7a6e7dc8fca9d48d23bd9fab31162a
Author: Adam Gandelman <email address hidden>
Date: Mon Aug 29 14:36:10 2011 -0700

    Remove PWD from possible config_file_dirs.

    Resolves bug #828719, which can potentially cause problems depending on
    what $PWD commands are executed in.

    Amendment: Also update documentation accordingly.

    Change-Id: Ib2ec4bb07222e51c86b7d8f8ce1dd0e6bb342a64

Changed in glance (Ubuntu):
assignee: nobody → Adam Gandelman (gandelman-a)
status: Confirmed → Fix Committed
Changed in glance (Ubuntu):
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2011-09-22
Changed in glance:
milestone: diablo-rbp → 2011.3
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers