oslo.metrics

permissions on /var/tmp/metrics_collector.sock

Bug #1945533 reported by Seth Arnold on 2021-09-29

268

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	oslo.metrics	Fix Released	Undecided	Unassigned
	python-oslo.metrics (Ubuntu)	Fix Released	High	Unassigned

Bug Description

Hello, I believe the socket is being created with incorrect permissions:

def main():
    cfg.CONF(sys.argv[1:])
    socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
    m = MetricsListener(socket_path)
    try:
        os.chmod(socket_path, stat.S_IRWXU | stat.S_IRWXO)

My sys_stat.h(7) manpage has:

  │S_IRWXU │ 0700 │ Read, write, execute/search by owner. │
..
  │S_IRWXG │ 070 │ Read, write, execute/search by group. │
..
  │S_IRWXO │ 07 │ Read, write, execute/search by others. │

Thus the resulting permissions are 0707. I don't recall seeing 0707 used intentionally before, it's only ever been a mistake by people using the symbolic forms rather than typing the desired octal directly.

If mode 0707 is intentional, can I ask for a comment to be placed there to describe why these unusual permissions are expected?

I propose replacing the modes with 0o666, 0o660, or 0o600, as appropriate. (The only mention of 'execute' in my unix(7) manpage is referring to the directory the socket is created in.)

Thanks

Tags:

Revision history for this message

Jeremy Stanley (fungi) wrote on 2021-10-04:

As for security risks of this bug, I suppose it's that any local user or process on the server could inject fake/misleading metrics, or is the socket used for something else?

Revision history for this message

Ben Nemec (bnemec) wrote on 2021-10-04:

My guess would be that the intent was to make it 770 and the wrong identifier was used for the group permissions.

Thierry, is there someone from the oslo.metrics team who could look at this? Should be a pretty simple fix once we work out the desired permissions.

Revision history for this message

Jeremy Stanley (fungi) wrote on 2021-10-04:

Also, if the security implications for this bug are minimal, it's probably worth switching to public and treating as just a hardening opportunity, to save some hassle.

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2021-10-04:

Fine by me, I just wanted to give the OpenStack team a chance to look at it first.

Thanks

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2021-10-06:

Okay, I set it public after not hearing a 'no' :)

Thanks

information type:

Private Security → Public Security

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-07: Fix proposed to oslo.metrics (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/oslo.metrics/+/813018

Changed in oslo.metrics:
status:	New → In Progress

Corey Bryant (corey.bryant) on 2021-10-08

Changed in python-oslo.metrics (Ubuntu):
status:	New → Triaged
importance:	Undecided → High

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-10-13:

This bug was fixed in the package python-oslo.metrics - 0.3.0-0ubuntu2

---------------
python-oslo.metrics (0.3.0-0ubuntu2) impish; urgency=medium

* d/p/bug1945533.patch: Cherry pick permissions fix to harden the
socket used for metrics (LP: #1945533).

-- James Page <email address hidden> Wed, 13 Oct 2021 09:41:23 +0100

Changed in python-oslo.metrics (Ubuntu):
status:	Triaged → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-13: Fix merged to oslo.metrics (master)

Reviewed: https://review.opendev.org/c/openstack/oslo.metrics/+/813018
Committed: https://opendev.org/openstack/oslo.metrics/commit/b23fb97c97d02615c0eef428ebd223b6baced952
Submitter: "Zuul (22348)"
Branch: master

commit b23fb97c97d02615c0eef428ebd223b6baced952
Author: Corey Bryant <email address hidden>
Date: Thu Oct 7 09:57:27 2021 -0400

Limit metrics_socket_file permissions

    This limits the metrics_socket_file permissions to 0o660. Prior
    to this change, symbolic constants were used, resulting in
    0o707 permissions.

Closes-Bug: #1945533
Change-Id: I009ffbc10d3400881c6f8b2178494ba180d6549f

Changed in oslo.metrics:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-18: Fix proposed to oslo.metrics (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/oslo.metrics/+/814265

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-21: Fix included in openstack/oslo.metrics 0.4.0

#10

This issue was fixed in the openstack/oslo.metrics 0.4.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-01-14: Fix merged to oslo.metrics (stable/xena)

#11

Reviewed: https://review.opendev.org/c/openstack/oslo.metrics/+/814265
Committed: https://opendev.org/openstack/oslo.metrics/commit/b90433530d1b0349b9952a43c85b80b9d6fb631e
Submitter: "Zuul (22348)"
Branch: stable/xena

commit b90433530d1b0349b9952a43c85b80b9d6fb631e
Author: Corey Bryant <email address hidden>
Date: Thu Oct 7 09:57:27 2021 -0400

Limit metrics_socket_file permissions

    This limits the metrics_socket_file permissions to 0o660. Prior
    to this change, symbolic constants were used, resulting in
    0o707 permissions.

    Closes-Bug: #1945533
    Change-Id: I009ffbc10d3400881c6f8b2178494ba180d6549f
    (cherry picked from commit b23fb97c97d02615c0eef428ebd223b6baced952)