PowerVM config drive path is not secure

Bug #1771538 reported by Andrey Volkov on 2018-05-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Medium
Matthew Edmonds
nova-powervm
Undecided
Unassigned

Bug Description

This report is based on the Bandit scanner results and code review.

1)
On https://git.openstack.org/cgit/openstack/nova/tree/nova/virt/powervm/media.py?h=refs/heads/master#n44

43 _VOPT_SIZE_GB = 1
44 _VOPT_TMPDIR = '/tmp/cfgdrv/'
45

We have hardcoded tmp dir that could be cleaned up after compute node reboot.
As mentioned in todo it might be good to use conf option.

2)
On https://git.openstack.org/cgit/openstack/nova/tree/nova/virt/powervm/media.py?h=refs/heads/master#n116
Predictable file name based on a user input is used:
116 file_name = pvm_util.sanitize_file_name_for_api(
117 instance.name, prefix='cfg_', suffix='.iso',
118 max_len=pvm_const.MaxLen.VOPT_NAME)
Probably we could use instance.uuid for that.

tags: added: powervm
Matthew Edmonds (edmondsw) wrote :

I don't think we need to worry about the TMPDIR getting cleaned up, but we shouldn't be using predictable temp dir/file names.

Changed in nova:
status: New → Confirmed

Fix proposed to branch: master
Review: https://review.openstack.org/610174

Changed in nova:
assignee: nobody → Matthew Edmonds (edmondsw)
status: Confirmed → In Progress
melanie witt (melwitt) on 2018-10-19
Changed in nova:
importance: Undecided → Medium

Reviewed: https://review.openstack.org/610174
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4afe8ea5a19e236b485da3132d66064017a479ec
Submitter: Zuul
Branch: master

commit 4afe8ea5a19e236b485da3132d66064017a479ec
Author: Matthew Edmonds <email address hidden>
Date: Fri Oct 12 17:26:29 2018 -0400

    Use tempfile for powervm config drive

    There are potential security issues with using predictable temp
    directories or files, so use python's tempfile module to do this
    safely.

    Change-Id: Ia067236785882ad3acca23a425ea1333b247d8c6
    Closes-Bug: #1771538

Changed in nova:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/613342
Committed: https://git.openstack.org/cgit/openstack/nova-powervm/commit/?id=54e501481de97d600f4c8757dc4cdac80ba5ab54
Submitter: Zuul
Branch: master

commit 54e501481de97d600f4c8757dc4cdac80ba5ab54
Author: Matthew Edmonds <email address hidden>
Date: Thu Oct 25 10:45:47 2018 -0400

    Use tempfile for powervm config drive

    There are potential security issues with using predictable temp
    directories or files, so use python's tempfile module to do this
    safely.

    Change-Id: I5e23933af71180da1d55950fcf49e39b0b800ef5
    Closes-Bug: #1771538

Changed in nova-powervm:
status: New → Fix Released

This issue was fixed in the openstack/nova-powervm 8.0.0.0rc1 release candidate.

This issue was fixed in the openstack/nova 19.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers