tripleo-common sudoers file too permissive

Bug #1705709 reported by Toure Dunnon on 2017-07-21
This bug affects 1 person
Affects: tripleo
Importance: High
Assigned to: Toure Dunnon

Bug Description

The sudoers file as installed with the openstack-tripleo-common package is much too permissive. It contains several lines for the Mistral user that have wildcards that allow directory traversal with "..", and it grants full passwordless root access to the validations user.
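
An audit check for the two patterns the description names (wildcards in command arguments and passwordless `ALL`), added here as an illustration; it is not code from tripleo-common or from the fix. The sample rules, paths and the `run-validation` command are constructed assumptions.

```python
import re

# Constructed sample rules for illustration only; this is NOT the sudoers
# file shipped by openstack-tripleo-common.
SAMPLE = r"""
Defaults:mistral !requiretty
mistral ALL = NOPASSWD: /usr/bin/chown -R mistral /var/lib/mistral/*
mistral ALL = (validations) NOPASSWD: /usr/bin/run-validation, \
    /usr/bin/tail /var/log/mistral/[a-z]*.log
validations ALL = NOPASSWD: ALL
"""

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")  # user host = specs
PREFIX = re.compile(r"^\s*(?:\([^)]*\)\s*)?((?:[A-Z]+:\s*)*)(.*)$")  # (runas) TAGS: cmd
WILDCARD = re.compile(r"(?<!\\)[*?\[]")  # unescaped glob characters
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def audit(text):
    """Return (user, issue, command) for each risky command in the rules."""
    findings = []
    # Join backslash-continued lines, then drop comments and non-rule lines.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m or line.startswith(SKIP):
            continue
        user, specs = m.groups()
        nopasswd = False  # tags carry over to later commands in the same list
        for item in re.split(r"(?<!\\),", specs):
            tags, cmd = PREFIX.match(item).groups()
            for tag in re.findall(r"[A-Z]+(?=:)", tags):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            path, _, args = cmd.strip().partition(" ")
            if path == "ALL":
                findings.append((user, "nopasswd-all" if nopasswd else "all", "ALL"))
            elif WILDCARD.search(path):
                findings.append((user, "wildcard-in-path", cmd.strip()))
            elif WILDCARD.search(args):
                # In arguments, * and ? also match "/", so "../" passes the rule.
                findings.append((user, "wildcard-in-args", cmd.strip()))
    return findings


if __name__ == "__main__":
    for user, issue, cmd in audit(SAMPLE):
        print(f"{user:12} {issue:18} {cmd}")
```

The parser covers plain user rules only; alias expansion and `#uid` user entries are out of scope, so treat a clean result as a first pass rather than proof that a file is safe.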

Toure Dunnon (toure) wrote :
Changed in tripleo:
importance: Undecided → High

Change abandoned by Toure Dunnon (<email address hidden>) on branch: master
Review: https://review.openstack.org/486142

Changed in tripleo:
status: New → Triaged
tags: added: tripleo-common
Changed in tripleo:
milestone: pike-3 → pike-rc1
Toure Dunnon (toure) on 2017-08-04
Changed in tripleo:
status: Triaged → In Progress

Reviewed: https://review.openstack.org/486147
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=34713f3b52f4da950d565f7ad490f03d55706b82
Submitter: Jenkins
Branch: master

commit 34713f3b52f4da950d565f7ad490f03d55706b82
Author: Toure Dunnon <email address hidden>
Date: Fri Jul 21 09:45:31 2017 -0400

    tripleo-common sudoers file is too permissive.

    The sudoers files as installed with openstack-tripleo-common package
    is much too permissive. It contains several lines for the mistral
    user that have wildcards that allow directory traversal with ".."
    which grants full passwordless root access to the validations user.

    Change-Id: I34073671c8f97d7bfbe1030ed52e6627a07dacfb
    Related-Bug: 1705709

Changed in tripleo:
milestone: pike-rc1 → pike-rc2
Ryan Brady (rbrady) on 2017-08-30
Changed in tripleo:
status: In Progress → Fix Released
Florian Fuchs (flo-fuchs) wrote :

This fix is breaking tripleo-validations when run through mistral (as mentioned in the original bug report #1677315).

Toure Dunnon (toure) wrote :

What is breaking? On what release? Do you have log info?

Florian Fuchs (flo-fuchs) wrote :

There's another bug report and a corresponding patch:

- https://bugs.launchpad.net/tripleo/+bug/1716625
- https://review.openstack.org/#/c/503002/
