tripleo

Potential privilege escalation with the default libvirtd TLS config

Bug #1730370 reported by Oliver Walsh on 2017-11-06

260

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

tripleo

Fix Released

High

Juan Antonio Osorio Robles

tripleo queens-2

You need to log in to change this bug's status.

Affecting:	tripleo
Filed here by:	Oliver Walsh
When:	2017-11-06
Confirmed:	2017-11-06
Assigned:	2017-11-06
Started work:	2017-11-15
Completed:	2017-11-15

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance	Milestone
	High	tripleo queens-2

Assigned to

	Me
	Juan Antonio Osorio Robles (juan-osorio-robles)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

With the default TLS setup, any service with a certificate from the CA will be granted access to libvirtd.

There are a number of options to address this:
- use a different CA just for libvirt access
- filter allowed clients
- enable SASL auth for libvirtd
- disabled libvirt TLS

Add tags Tag help

CVE References

2017-15114

Steven Hardy (shardy) wrote on 2017-11-06:

Triaged as this is already assigned, we should discuss the plan for merging/backporting before making this public,

Changed in tripleo:
status:	New → Triaged
importance:	Undecided → High
milestone:	none → queens-2

Emilien Macchi (emilienm) wrote on 2017-11-07:

We should reach Summer Long <email address hidden> if whether or not embargo is required on this issue, and if a CVE is accurate.

Emilien Macchi (emilienm) wrote on 2017-11-07:

IMHO, we should use enable SASL auth for libvirtd and filter allowed clients at minimum.
Having an dedicated CA is good but I think not enough; I like the SASL layer for credentials, which will allow us to have granular authentification and enable PolicyKit for example.

Oliver Walsh (owalsh) wrote on 2017-11-07:

Do we have puppet support for managing SASL?

Oliver Walsh (owalsh) wrote on 2017-11-07:

BTW we had to drop polkit when we containerized this.

Joshua Padman (jpadman) wrote on 2017-11-07: Re: [Bug 1730370] Re: Potential privilege escalation with the default libvirtd TLS config

Thank you for the add and the info. Summer Long normally takes Director
etc but Summit!

Cheers,
Josh

On 07/11/17 12:30, Oliver Walsh wrote:
> BTW we had to drop polkit when we containerized this.
>

--
Joshua Padman / Red Hat Product Security

Oliver Walsh (owalsh) wrote on 2017-11-15:

Libvirt TLS has been disabled in https://review.openstack.org/#/q/I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23

information type:	Private Security → Public Security
Changed in tripleo:
status:	Triaged → Fix Released

OpenStack Infra (hudson-openstack) wrote on 2017-12-04: Fix included in openstack/tripleo-heat-templates 8.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 8.0.0.0b2 development milestone.

Report a bug

This report contains Public Security information Edit

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers