libvirt live snapshotting happens in world-writable directory
Bug #1255086 reported by
Ivan Melnikov
This bug report is a duplicate of:
Bug #1227027: [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048).
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
When nova-compute makes live snapshot of virtual machine the temporary directory used to store snapshot data before it gets uploaded to glance is made world-writable:
This potentially allows user who has write access to filesystem to hijack snapshot contents or do other nasty things.
Changed in nova: | |
status: | New → Confirmed |
information type: | Private Security → Public Security |
no longer affects: | ossa |
To post a comment you must log in.
Looks like a duplicate of bug 1227027, please confirm