In the Couchbase implementation of restore in Trove, the following takes place:
1) pre-restore removes previous temp directory contents here: https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/couchbase_impl.py#L45
2) run_restore of the parent class is executed which puts together and runs the following command:
"openssl enc -d -aes-256-cbc -salt -pass pass:%s | gzip -d -c | sudo tar xPf -"
3) post-restore reads the secret key from an extracted file here:
https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/couchbase_impl.py#L54
4) a command is built from inputs from a JSON file in the directory created above starting here:
https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/couchbase_impl.py#L67
5) the command built in step 4 is executed
At no point in this process are permissions explicitly set. Presumably the files will be created based on the umask of the user that Trove runs as. This opens up the possibility for a couple of vulnerabilities:
1) malicious user can read the secret key if the default permissions are world readable (which is pretty common for many system's default umask)
2) malicious user can write arbitrary commands to be executed in step 5 with a shell injection vulnerability if the default permissions are world writeable. An example of this vulnerability would be something like setting bucket type in this line:
https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/couchbase_impl.py#L75
to something like "; rm -rf /etc". The possibilities for exploits are nearly endless as any command that the Trove user can run, the attacker can run.
I've added an advisory task in an incomplete state pending feedback from the trove-coresec team, whom I've also just subscribed to this bug.