IPMI credential exposure
Bug #2058749 reported by
Kaifeng Wang
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ironic |
In Progress
|
High
|
Afonne-CID | ||
Bug Description
Ironic generates a temporary password file for each ipmi operation, which records the plain password in the file, normally it's not an issue since requests like power control completes in a short time, but when the sol console is active, the password file persists on the disk for a long time, this exposes security vulnerability.
The proposed solution is to utilize the -E instead of -f to pass the credential to ipmitool. This security issue is severely alleviated since the environmental variable is limited to the user session of ironic which is typically a non-login user.
| Changed in ironic: | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| Julia Kreger (juliaashleykreger) wrote | #1 |
| Changed in ironic: | |
| assignee: | nobody → Afonne-CID (cidelight) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to ironic (master) | #2 |
| Changed in ironic: | |
| status: | Triaged → In Progress |
To post a comment you must log in.
I suspect this is a case where a patch would be welcome to change the default mode of operation for that.
But that being said, we're just trading a risk off here.
For example, a restricted file for a service in a container can be harder to get to, but then any administrative user for a conductor could then also pull the environment variables from the system.
The risk fundamentally seems the same, and in either case other users should not be present on the system where a conductor service operates.