libvirt live snapshotting happens in world-writable directory

Bug #1255086 reported by Ivan Melnikov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Compute (nova) | Confirmed | Undecided | Unassigned |

Bug Description

When nova-compute makes a live snapshot of a virtual machine, the temporary directory used to store snapshot data before it gets uploaded to glance is made world-writable:

https://github.com/openstack/nova/blob/eced10cf41fbf87e9c171aa17ee75e82f331456a/nova/virt/libvirt/driver.py#L1489

This potentially allows a user who has write access to the filesystem to hijack snapshot contents or do other nasty things.
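
An added example, not code from nova or from this report: the Python sketch below contrasts a temporary directory opened up with chmod 0o777 (an assumed stand-in for the pattern the report describes) with one that keeps mkdtemp's owner-only mode, and audits both the way a defender could audit a snapshot directory. The function names and the audit rules are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def make_snapshot_dir(base, world_writable):
    """Create a per-snapshot temp directory under base (hypothetical helper).

    world_writable=True stands in for the reported pattern (assumed here to be
    mkdtemp followed by chmod 0o777); False keeps mkdtemp's 0o700 mode.
    """
    path = tempfile.mkdtemp(dir=base)
    if world_writable:
        os.chmod(path, 0o777)
    return path


def audit_dir(path):
    """Return a list of findings for a directory that will hold snapshot data."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        if mode & stat.S_ISVTX:
            findings.append("world-writable (sticky): any local user can add entries")
        else:
            findings.append("world-writable: any local user can add, rename or delete entries")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_uid != os.geteuid():
        findings.append("owned by a different uid")
    return findings


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed scratch area for the demo
    try:
        for flag in (True, False):
            d = make_snapshot_dir(base, world_writable=flag)
            print(oct(stat.S_IMODE(os.lstat(d).st_mode)), audit_dir(d) or "ok")
    finally:
        shutil.rmtree(base)
```
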

Grant Murphy (gmurphy)
Changed in nova:
status: New → Confirmed
Thierry Carrez (ttx) wrote :

Looks like a duplicate of bug 1227027, please confirm

Changed in ossa:
status: New → Incomplete
Ivan Melnikov (imelnikov) wrote :

> Looks like a duplicate of bug 1227027, please confirm

Yes, it is. Sorry, looks like my googling skills were weak yesterday.

Jeremy Stanley (fungi)
information type: Private Security → Public Security
no longer affects: ossa