kolla

Tech Debt: possible symlink attack

Bug #1471376 reported by Sam Yaple on 2015-07-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla	Fix Released	Critical	Sam Yaple	kolla liberty-2 "liberty-2"

Bug Description

https://review.openstack.org/#/c/196428/

The procedure here adds content to a file in /tmp with a static name. This file is not verifed to exist in a secure manner.

Steven Dake (sdake) on 2015-07-04

Changed in kolla:
status:	New → Triaged
importance:	Undecided → Critical
milestone:	none → liberty-2

Revision history for this message

Dave McCowan (dave-mccowan) wrote on 2015-07-04:

This page gives details on how to use temporary files securely.
https://ci.openstack.org/guidelines/dg_using-temporary-files-securely.html

Revision history for this message

Sam Yaple (s8m) wrote on 2015-07-04:

This isn't python creating the file directly, but rather ansible module. Luckily this appears as if it can be pretty quickly fixed by simply ensuring the file exists as a file and proper permissions.

Sam Yaple (s8m) on 2015-07-05

Changed in kolla:
assignee:	nobody → Sam Yaple (s8m)
status:	Triaged → In Progress

Revision history for this message

Steven Dake (sdake) wrote on 2015-07-06:

Dave do you think this review looks appropriate to fix the problem?

https://review.openstack.org/#/c/198520/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-14: Fix merged to kolla (master)

Reviewed: https://review.openstack.org/198520
Committed: https://git.openstack.org/cgit/stackforge/kolla/commit/?id=37ca7222bb83ff0de15c0502551b7e9e0960983a
Submitter: Jenkins
Branch: master

commit 37ca7222bb83ff0de15c0502551b7e9e0960983a
Author: Sam Yaple <email address hidden>
Date: Sun Jul 5 07:20:16 2015 +0000

fix possible symlink attack with ansible

    The commands used to create a temporary file on the localhost were
    vulnerable to a symlink attack. Removing the shell module and ensuring
    the ansible copy and file module is used will verify this file exists as a
    file with the correct permissions and ownership

Change-Id: I829483edf1435e41726ebfe1bc826e0c2e5265e3
Closes-Bug: 1471376

Changed in kolla:
status:	In Progress → Fix Committed

Sam Yaple (s8m) on 2015-11-20

Changed in kolla:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.