Attempts to chown env files to inappropriate user

Bug #1245647 reported by Aaron Bentley
This bug affects 2 people
Affects: juju-core
Status: Fix Released
Importance: High
Assigned to: Tim Penhey
Milestone: none

Bug Description

I am getting a failure attempting to bootstrap, because juju tries to chown to an inappropriate user.

I am logged in as "ubuntu", but running as "jenkins" via "sudo su jenkins". juju is creating a new jenv file, attempting to chown it to "ubuntu".

I understand this was because the local provider requires sudo, but juju should not create root-owned jenv files. However, juju should not change files to the real userid, because that could disclose credentials to another user. Had juju succeeded with the "chown", i.e. if I had run as "sudo -s", then the jenkins credentials would have been disclosed to the ubuntu user.

Here are some possible solutions:
1. Ignore chown failures: if you're not running as root, but you can read environments.yaml and write *.jenv, then you're probably running as the user that owns the file anyway.
2. Use the uid/gid of environments.yaml for *.jenv. That way the contents of environments.yaml can never be disclosed to the wrong user (AIUI, environments.yaml may go away, but there will be credentials files if it does.)
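
Proposed solution 2 above, as an added Go example (not juju-core's code, and not the fix that was eventually released, which removed the chown): the new file takes its owner from the credentials file instead of from the sudo caller, and the chown is skipped when ownership already matches. The name writeLikeOwner and the sample paths are hypothetical; Unix file metadata is assumed.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// owner returns the uid/gid recorded for a file (Unix-only assumption).
func owner(fi os.FileInfo) (uid, gid uint32) {
	st := fi.Sys().(*syscall.Stat_t)
	return st.Uid, st.Gid
}

// writeLikeOwner (hypothetical helper) creates path with mode 0600 and the
// owner of ref, the credentials source. SUDO_UID/SUDO_GID are never read.
func writeLikeOwner(ref, path string, data []byte) error {
	refInfo, err := os.Stat(ref)
	if err != nil {
		return err
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return err
	}
	wantUID, wantGID := owner(refInfo)
	if curUID, curGID := owner(info); curUID != wantUID || curGID != wantGID {
		// Ownership differs (e.g. running as root): chown the open descriptor.
		if err := f.Chown(int(wantUID), int(wantGID)); err != nil {
			return fmt.Errorf("set owner %d:%d: %w", wantUID, wantGID, err)
		}
	}
	_, err = f.Write(data)
	return err
}

func main() {
	dir, _ := os.MkdirTemp("", "jenv-demo")
	defer os.RemoveAll(dir)
	ref, jenv := dir+"/environments.yaml", dir+"/demo.jenv" // constructed paths
	os.WriteFile(ref, []byte("constructed: sample\n"), 0600)
	fmt.Println("result:", writeLikeOwner(ref, jenv, []byte("constructed\n")))
}
```

Run as the owning user, the ownership comparison already matches and no chown is attempted, so the EPERM from the strace below cannot occur; run as root, the file ends up owned by whoever owns the credentials file.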

Aaron Bentley (abentley) wrote :

$ strace juju bootstrap -e test-release-hp --constraints mem=2G
...
open("/var/lib/jenkins/.juju/environments/test-release-hp.jenv", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
mkdir("/var/lib/jenkins/.juju/environments", 0700) = -1 EEXIST (File exists)
open("/var/lib/jenkins/.juju/environments/test-release-hp.jenv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0600) = 4
close(4) = 0
chown("/var/lib/jenkins/.juju/environments/test-release-hp.jenv", 1000, 1000) = -1 EPERM (Operation not permitted)
clock_gettime(CLOCK_REALTIME, {1382987820, 79234281}) = 0
clock_gettime(CLOCK_REALTIME, {1382987820, 79489134}) = 0
write(2, "ERROR cannot create new info for"..., 152ERROR cannot create new info for environment "test-release-hp": chown /var/lib/jenkins/.juju/environments/test-release-hp.jenv: operation not permitted
) = 152
exit_group(1) = ?

Curtis Hovey (sinzui)
tags: added: bootstrap
Changed in juju-core:
milestone: none → 2.0
Aaron Bentley (abentley)
information type: Public → Public Security
Aaron Bentley (abentley) wrote :

A workaround is to ssh into localhost, which will shed the original identity entirely. This requires an ssh keypair on localhost, with the public key added to authorized_keys.

tags: added: security
Kapil Thangavelu (hazmat) wrote :

Another workaround would be to use
$ sudo su - jenkins

Andrew Wilkins (axwalk) wrote :

thumper fixed this by removing the code that chowns, as it's not necessary anymore

Changed in juju-core:
assignee: nobody → Tim Penhey (thumper)
status: Triaged → Fix Committed
milestone: 2.0 → 1.18.0
milestone: 1.18.0 → none
status: Fix Committed → Fix Released