2023-12-30 01:27:35 |
lujiefsi |
bug |
|
|
added bug |
2023-12-30 01:30:30 |
lujiefsi |
description |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
We first write sensitive data, then chmod.
When a file is first created and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified.
During this time window, the attacker may gain access to the file and manipulate its contents or execute malicious code, especially if the file is located in a directory that is writable by the attacker. By the time the permissions are changed using chmod, the attacker may have already exploited the file for their malicious purposes.
This type of attack is a result of the temporal gap between the creation of the file and the subsequent permission modification, allowing for potential unauthorized access and manipulation. This highlights the importance of properly securing sensitive files from the moment of creation and throughout their lifecycle to mitigate the risk of such attacks. |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
and https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/runtime.py#L149
Take gateway.py#L320C20-L320C30 for example:
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
We first write sensitive data, then chmod.
When a file is first created and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified.
During this time window, the attacker may gain access to the file and manipulate its contents or execute malicious code, especially if the file is located in a directory that is writable by the attacker. By the time the permissions are changed using chmod, the attacker may have already exploited the file for their malicious purposes.
This type of attack is a result of the temporal gap between the creation of the file and the subsequent permission modification, allowing for potential unauthorized access and manipulation. This highlights the importance of properly securing sensitive files from the moment of creation and throughout their lifecycle to mitigate the risk of such attacks. |
|
2023-12-30 13:03:12 |
lujiefsi |
description |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
and https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/runtime.py#L149
Take gateway.py#L320C20-L320C30 for example:
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
We first write sensitive data, then chmod.
When a file is first created and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified.
During this time window, the attacker may gain access to the file and manipulate its contents or execute malicious code, especially if the file is located in a directory that is writable by the attacker. By the time the permissions are changed using chmod, the attacker may have already exploited the file for their malicious purposes.
This type of attack is a result of the temporal gap between the creation of the file and the subsequent permission modification, allowing for potential unauthorized access and manipulation. This highlights the importance of properly securing sensitive files from the moment of creation and throughout their lifecycle to mitigate the risk of such attacks. |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
and https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/runtime.py#L149
Take gateway.py#L320C20-L320C30 for example:
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
When a file is first written and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified. During this time window, the attacker may gain access to the file. |
|
2024-01-20 10:58:55 |
lujiefsi |
information type |
Private Security |
Public Security |
|
2024-01-20 11:38:55 |
lujiefsi |
description |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
and https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/runtime.py#L149
Take gateway.py#L320C20-L320C30 for example:
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
When a file is first written and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified. During this time window, the attacker may gain access to the file. |
The vulnerability is at https://github.com/openstack/storlets/blob/928de77bac448c9bc04a274c494608ce7190563a/storlets/gateway/gateways/docker/gateway.py#L320C20-L320C30
Take gateway.py#L320C20-L320C30 for example:
```
with open(cache_target_path, 'wb') as fn:
    for data in data_iter:
        fn.write(data)
if not is_storlet:
    if not perm:
        perm = '0600'
    os.chmod(cache_target_path, int(perm, 8))
```
When a file is first written and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified. During this time window, the attacker may gain access to the file. |
|
2024-01-20 15:06:04 |
OpenStack Infra |
storlets: status |
New |
In Progress |
|
2024-01-21 08:38:23 |
OpenStack Infra |
storlets: status |
In Progress |
Fix Released |
|
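Added example, not part of the bug report and not the storlets code or its released fix: the write-then-chmod pattern quoted in the description next to one way to close the window, by creating a private temporary file, setting the final mode on the open descriptor before any data is written, and renaming it into place. The function names, the `observe` hook and the sample data are assumptions made for this illustration.

```python
import os
import tempfile


def mode_of(path):
    return os.stat(path).st_mode & 0o777


def write_then_chmod(path, data_iter, perm='0600', observe=None):
    """Pattern from the report: the data is on disk before the mode is set."""
    with open(path, 'wb') as fn:
        for data in data_iter:
            fn.write(data)
    if observe:
        observe(mode_of(path))  # mode while the data is already readable
    os.chmod(path, int(perm, 8))


def write_restricted(path, data_iter, perm='0600', observe=None):
    """Set the final mode on a private temp file before any data is written."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # created with O_EXCL, mode 0600
    try:
        with os.fdopen(fd, 'wb') as fn:
            os.fchmod(fn.fileno(), int(perm, 8))
            for data in data_iter:
                fn.write(data)
            if observe:
                observe(mode_of(tmp))  # same point in time as above
        os.replace(tmp, path)  # atomic rename within one directory
    except BaseException:
        os.unlink(tmp)
        raise


def demo():
    seen = {}
    old_umask = os.umask(0o022)  # common default, pinned for a repeatable result
    try:
        with tempfile.TemporaryDirectory() as d:
            chunks = [b'constructed ', b'secret']  # constructed sample data
            a, b = os.path.join(d, 'a'), os.path.join(d, 'b')
            write_then_chmod(a, chunks, observe=lambda m: seen.update(window_old=m))
            write_restricted(b, chunks, observe=lambda m: seen.update(window_new=m))
            seen['final'] = (mode_of(a), mode_of(b))
            with open(b, 'rb') as f:
                seen['content'] = f.read()
    finally:
        os.umask(old_umask)
    return seen
```

With a umask of 022 the first function leaves the written data at mode 0644 until `os.chmod` runs, while the second never exposes it with anything wider than the requested mode.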