Comment 12 for bug 1989008

sean mooney (sean-k-mooney) wrote:

Well, the fix is simple but tedious. We have talked about reimplementing the privileged functions to have a narrow contract, but we have never had the capacity to actually go do that.

I have tried to stop others from repeating this design mistake:
https://lists.openstack.org/pipermail/openstack-discuss/2021-March/021494.html
There I call out the chown, chmod and writefile issues raised in the report above.

Given this is a long-running known design limitation that has been discussed both at the PTG and on the mailing list many times, and the examples given for nova, in particular, are effectively the examples we used before, I don't think that a new CVE should be created for this, as it is not a new discovery; it is a valid security hardening opportunity, though, so this probably should be Class D.

For this to be vulnerable you would need to inject code into nova or os-brick, or already have the ability to escalate via sudo or another means to spawn a new privsep process, in addition to importing the nova code. If you had that capability it would be simpler just to write your own script that used privsep directly.

The only advantage to a B1 designation is I might finally be able to get this prioritised as more than tech debt so that we can actually spend time fixing it, but for operators the effect is the same.
This is a hardening opportunity today, not a new exploit vector.
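The "narrow contract" the comment above refers to can be illustrated outside of nova. The following is an added example and not nova, os-brick or oslo.privsep code; all names (`broad_chmod`, `NarrowHelper`, `make_console_log_group_readable`, the instances root layout) are hypothetical, it uses plain `os` calls in place of a privsep daemon, and it assumes a POSIX system where `os.symlink` and `O_NOFOLLOW` are available. It contrasts a privileged helper that accepts any path and any mode with one that encodes its single legitimate use case: it validates the identifier, canonicalises the path, refuses anything resolving outside its root, and applies a fixed mode.

```python
import os
import re
import stat
import tempfile

# Constructed example: a broad privileged helper next to a narrow one.
# Hypothetical names; not the layout or API of any real project.

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def broad_chmod(path, mode):
    """Broad contract: the caller picks any target and any mode.
    The helper adds no policy of its own, so it is only as safe as
    every caller that can reach it."""
    os.chmod(path, mode)  # follows symlinks, like the underlying syscall
    return stat.S_IMODE(os.stat(path).st_mode)


class NarrowHelper:
    """Narrow contract: one operation, one file type, one fixed mode."""

    def __init__(self, instances_root):
        self.root = os.path.realpath(instances_root)

    def make_console_log_group_readable(self, instance_uuid):
        # 1. The only caller-controlled input is an identifier, not a path.
        if not UUID_RE.match(instance_uuid):
            raise ValueError("instance id is not a uuid")
        # 2. Build the path ourselves and canonicalise it.
        target = os.path.realpath(
            os.path.join(self.root, instance_uuid, "console.log"))
        # 3. Refuse anything that resolved outside the instances root.
        if os.path.commonpath([self.root, target]) != self.root:
            raise PermissionError("target resolves outside the instances root")
        # 4. Operate on an fd, never following a symlink at the last step,
        #    and with a mode that is fixed by the helper, not the caller.
        fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
        try:
            os.fchmod(fd, 0o640)
            return stat.S_IMODE(os.fstat(fd).st_mode)
        finally:
            os.close(fd)


def demo():
    """Build a constructed instances root in a temp dir and exercise both helpers."""
    results = {}
    with tempfile.TemporaryDirectory() as root, \
            tempfile.TemporaryDirectory() as outside:
        good = "11111111-2222-3333-4444-555555555555"
        os.mkdir(os.path.join(root, good))
        log = os.path.join(root, good, "console.log")
        with open(log, "w") as f:
            f.write("constructed console log\n")
        os.chmod(log, 0o600)

        # A file outside the root, reachable only through a symlink
        # planted inside an otherwise valid-looking instance directory.
        secret = os.path.join(outside, "secret")
        with open(secret, "w") as f:
            f.write("constructed file outside the root\n")
        os.chmod(secret, 0o600)
        escape = "66666666-7777-8888-9999-aaaaaaaaaaaa"
        os.mkdir(os.path.join(root, escape))
        os.symlink(secret, os.path.join(root, escape, "console.log"))

        helper = NarrowHelper(root)
        results["narrow_mode"] = helper.make_console_log_group_readable(good)
        try:
            helper.make_console_log_group_readable(escape)
            results["symlink_rejected"] = False
        except PermissionError:
            results["symlink_rejected"] = True
        try:
            helper.make_console_log_group_readable("../../etc")
            results["bad_id_rejected"] = False
        except ValueError:
            results["bad_id_rejected"] = True

        # The broad helper has no policy: it follows the symlink and
        # changes the mode of the file outside the root.
        broad_chmod(os.path.join(root, escape, "console.log"), 0o644)
        results["secret_mode_after_broad"] = stat.S_IMODE(os.stat(secret).st_mode)
    return results


if __name__ == "__main__":
    print(demo())
```

The point is not the specific checks but where the policy lives: with the narrow helper, an unprivileged caller that can reach the privileged side can only ever cause "this instance's console log becomes group-readable", whereas with the broad one the privileged side does whatever it is asked.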