hostname, architecture, disable_ipv4 can be permanently changed by non-admin user

Bug #1459762 reported by Scott Moser on 2015-05-28
This bug affects 1 person
Affects: MAAS
Importance: Critical
Assigned to: Jeffrey C Jones

Bug Description

This is being run against maas-stable ppa
  # dpkg-query --show maas
  maas 1.7.3+bzr3363-0ubuntu1~trusty1

A non-admin user can acquire a system, change certain fields, and release the
system. This could effectively DOS the use of the system.

The fields I've verified I can change are:
  architecture
  hostname
  disable_ipv4

Not sure if others can be modified or not. But essentially the steps are:
 a.) maas <name> nodes acquire
 b.) maas <name> node update <system_id> architecture=amd64/hwe-u
 c.) maas <name> node release <system_id>
 d.) maas <name> node read <system_id>

'd' is just there for verification that the change is permanent.

See the attached script to show doing this. Its example output when run:

$ ./go
maas home-ubuntu nodes acquire
acquired hostname=kearney.example.com system_id=node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== kearney.example.com [acquired] ==
  hostname: kearney.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-t
  disable_ipv4: False
  distro_series:
applying architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node update node-79b67e82-d25c-11e4-a333-00163eca91de architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [modified] ==
  hostname: mychange.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-u
  disable_ipv4: True
  distro_series:
maas home-ubuntu node release node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [released] ==
  hostname: mychange.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-u
  disable_ipv4: True
  distro_series:

Related bugs:
 * bug 1443644: hwe kernels should not be part of the architecture
 * bug 1437059: Deploy bulk actions needs the ability to specify architecture (so we can select hwe kernel)
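
An added example, not part of the original report or its attached script: a Python check that parses `node read` summaries in the format shown in the output above and reports every field whose value after release differs from its value at acquire time. The sample text is constructed (placeholder system_id), and the function names are hypothetical.

```python
import re

# Constructed sample in the format printed by the report's script.
SAMPLE = """\
== kearney.example.com [acquired] ==
  hostname: kearney.example.com
  system_id: node-EXAMPLE
  osystem:
  architecture: amd64/hwe-t
  disable_ipv4: False
== mychange.example.com [released] ==
  hostname: mychange.example.com
  system_id: node-EXAMPLE
  osystem:
  architecture: amd64/hwe-u
  disable_ipv4: True
"""

HEADER = re.compile(r"^== (?P<name>\S+) \[(?P<state>\w+)\] ==$")
FIELD = re.compile(r"^\s+(?P<key>\w+):\s*(?P<value>.*)$")

def parse_snapshots(text):
    """Return {state: {field: value}} for each '== host [state] ==' block."""
    snapshots, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = snapshots.setdefault(header["state"], {})
            continue
        field = FIELD.match(line)
        if field and current is not None:  # skip echoed command lines
            current[field["key"]] = field["value"].strip()
    return snapshots

def persisted_changes(text, before="acquired", after="released", ignore=()):
    """Fields whose value after release differs from the acquire-time value."""
    snaps = parse_snapshots(text)
    if before not in snaps or after not in snaps:
        raise ValueError(f"need both [{before}] and [{after}] blocks")
    old, new = snaps[before], snaps[after]
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new))
            if k not in ignore and old.get(k) != new.get(k)}

if __name__ == "__main__":
    for name, (old, new) in persisted_changes(SAMPLE).items():
        print(f"PERSISTED {name}: {old!r} -> {new!r}")
```

Run as a non-admin regression check against captured output: an empty result means nothing the user set survived the release.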


Changed in maas:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 1.9.0
Scott Moser (smoser) on 2015-06-16
description: updated
Changed in maas:
assignee: nobody → Jeffrey C Jones (trapnine)
Changed in maas:
status: Triaged → In Progress
Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released