re-runs self via sudo
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
Pallavi | ||
Designate |
Fix Released
|
High
|
Dr. Jens Harbott | ||
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Markus Zoeller (markus_z) | ||
Newton |
Fix Committed
|
Medium
|
Lee Yarwood | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Shared File Systems Service (Manila) |
Fix Released
|
Undecided
|
Tom Barron | ||
Rally |
Fix Released
|
Undecided
|
iswarya vakati | ||
ec2-api |
Fix Released
|
Undecided
|
iswarya vakati | ||
gce-api |
Fix Released
|
Undecided
|
iswarya vakati | ||
masakari |
Fix Released
|
Undecided
|
Takashi Kajinami |
Bug Description
Hello, I'm looking through Designate source code to determine if is appropriate to include in Ubuntu Main. This isn't a full security audit.
This looks like trouble:
./designate/
def main():
CONF.
try:
except cfg.ConfigFiles
cfgfile = CONF.config_
if cfgfile and not os.access(cfgfile, os.R_OK):
st = os.stat(cfgfile)
try:
except Exception:
sys.exit(2)
This is an interesting decision -- if the configuration file is _not_ readable by the user in question, give the executing user complete privileges of the user that owns the unreadable file.
I'm not a fan of hiding privilege escalation / modifications in programs -- if a user had recently used sudo and thus had the authentication token already stored for their terminal, this 'hidden' use of sudo may be unexpected and unwelcome, especially since it appears that argv from the first call leaks through to the sudo call.
Is this intentional OpenStack style? Or unexpected for you guys too?
(Feel free to make this public at your convenience.)
Thanks
information type: | Private Security → Public Security |
Changed in masakari: | |
assignee: | nobody → SamP (sampath-priyankara) |
Changed in ec2-api: | |
assignee: | nobody → iswarya vakati (v-iswarya) |
Changed in manila: | |
assignee: | nobody → iswarya vakati (v-iswarya) |
Changed in cinder: | |
assignee: | nobody → Pallavi (pallavi-s) |
Changed in gce-api: | |
assignee: | nobody → Pallavi (pallavi-s) |
Changed in rally: | |
assignee: | nobody → iswarya vakati (v-iswarya) |
tags: | added: newton-backport-potential |
Changed in nova: | |
importance: | Undecided → Medium |
Changed in gce-api: | |
assignee: | Pallavi (pallavi-s) → iswarya vakati (v-iswarya) |
Changed in manila: | |
assignee: | iswarya vakati (v-iswarya) → Tom Barron (tpb) |
Wow. This should be removed, and past me given a stern talking to for +2'ing the change that snuck this in.