2015-06-16 19:30:17 |
Scott Moser |
description |
This is being run against maas-stable ppa
# dpkg-query --show maas
maas 1.7.3+bzr3363-0ubuntu1~trusty1
A non-admin user can acquire a system, change certain fields, and release the
system. This could effectively DOS the use of the system.
The fields I've verified I can change are:
architecture
hostname
disable_ipv4
Not sure if others can be modified or not. But essentially the steps are:
a.) maas <name> nodes acquire
b.) maas <name> update <system_id> architecture=amd64/hwe-u
c.) maas <name> node release <system_id>
d.) maas <name> node read <system_id>
'd' is just there for verification that the change is permanent.
See the attached script to show doing this. Its example output when run:
$ ./go
maas home-ubuntu nodes acquire
acquired hostname=kearney.example.com system_id=node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== kearney.example.com [acquired] ==
hostname: kearney.example.com
system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
netboot: True
osystem:
storage: 160000
architecture: amd64/hwe-t
disable_ipv4: False
distro_series:
applying architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node update node-79b67e82-d25c-11e4-a333-00163eca91de architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [modified] ==
hostname: mychange.example.com
system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
netboot: True
osystem:
storage: 160000
architecture: amd64/hwe-u
disable_ipv4: True
distro_series:
maas home-ubuntu node release node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [released] ==
hostname: mychange.example.com
system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
netboot: True
osystem:
storage: 160000
architecture: amd64/hwe-u
disable_ipv4: True
distro_series: |
Related bugs:
* bug 1443644: hwe kernels should not be part of the architecture
* bug 1437059: Deploy bulk actions needs the ability to specify architecture (so we can select hwe kernel) |
|
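A regression check for the behaviour reported above, as an added example that is not part of the original report or of MAAS itself: it parses `node read` summaries in the format shown in the `./go` output and lists the fields whose values after release differ from those at acquire time. The function names and the abbreviated sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the "./go" output format in the report.
SAMPLE = """\
== kearney.example.com [acquired] ==
hostname: kearney.example.com
system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
architecture: amd64/hwe-t
disable_ipv4: False
distro_series:
maas home-ubuntu node release node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [released] ==
hostname: mychange.example.com
system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
architecture: amd64/hwe-u
disable_ipv4: True
distro_series:
"""

# Matches the per-snapshot banner, e.g. "== host.example.com [released] ==".
HEADER = re.compile(r"^== (?P<name>\S+) \[(?P<state>\w+)\] ==$")


def parse_snapshots(text):
    """Return {state: {field: value}} for every '== host [state] ==' block."""
    snapshots, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").rstrip()  # tolerate table-cell residue
        match = HEADER.match(line)
        if match:
            current = snapshots.setdefault(match.group("state"), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
        # Command echo lines (no "key: value" shape) are ignored.
    return snapshots


def persisted_changes(text, before="acquired", after="released"):
    """Fields whose value after release differs from the value at acquire."""
    snaps = parse_snapshots(text)
    old, new = snaps[before], snaps[after]
    return {k: (old[k], new.get(k)) for k in old if old[k] != new.get(k)}


if __name__ == "__main__":
    for field, (was, now) in sorted(persisted_changes(SAMPLE).items()):
        print(f"{field}: {was!r} -> {now!r} survived release")
```

An empty result from `persisted_changes` on output captured as a non-admin user indicates the node came back from release in its original state.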