| 2015-05-22 20:58:36 |
Ben Howard |
bug |
|
|
added bug |
| 2015-05-22 21:09:14 |
Ben Howard |
attachment added |
|
patch REV1109 https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4402674/+files/fix_plain_text_password.patch |
|
| 2015-05-22 21:10:01 |
Ben Howard |
description |
When provisioning a virtual machine on Azure, a user password may be provided. Cloud-init retrieves the password via ovf-env.xml (stored on a CDROM) which is then written to /var/lib/waagent/ovf-env.xml for later consumption by the WALinuxAgent. After first boot provisioning the user password is not needed by cloud-init.
While the password is stored in plain text on disk, the password is _NOT_ accessible to a non-privelaged user. Both the directory and the file
itself are read-only:
$ stat /var/lib/waagent/
File: ‘/var/lib/waagent/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2532 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:11.341805500 +0000
Change: 2015-04-13 11:44:11.341805500 +0000
Birth: -
$ sudo stat /var/lib/waagent/ovf-env.xml
File: ‘/var/lib/waagent/ovf-env.xml’
Size: 1633 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 2556 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:08.021992200 +0000
Change: 2015-04-13 11:44:08.021992200 +0000
Birth: -
However, because the fabric presents /dev/sr0 (which contains ovf-env.xml) until the machine reboots, even if cloud-init masked the password, a non-privileged user may be able to read the password via /dev/sr0 (i.e. strings /dev/sr0 | grep UserPassword).
Canonical's guidance on this matter is that any password provided by a fabric is inherently insecure; users should leverage SSH keys. |
When provisioning a virtual machine on Azure, a user password may be provided. Cloud-init retrieves the password via ovf-env.xml (stored on a CDROM) which is then written to /var/lib/waagent/ovf-env.xml for later consumption by the WALinuxAgent. After first boot provisioning the user password is not needed by cloud-init.
While the password is stored in plain text on disk, the password is _NOT_ accessible to a non-privelaged user. Both the directory and the file
itself are read-only:
$ stat /var/lib/waagent/
File: ‘/var/lib/waagent/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2532 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:11.341805500 +0000
Change: 2015-04-13 11:44:11.341805500 +0000
Birth: -
$ sudo stat /var/lib/waagent/ovf-env.xml
File: ‘/var/lib/waagent/ovf-env.xml’
Size: 1633 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 2556 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:08.021992200 +0000
Change: 2015-04-13 11:44:08.021992200 +0000
Birth: -
Canonical's guidance on this matter is that any password provided by a fabric is inherently insecure; users should leverage SSH keys. |
|
| 2015-05-22 21:14:01 |
Jamie Strandboge |
cloud-init (Ubuntu): importance |
Undecided |
Medium |
|
| 2015-05-22 21:14:03 |
Jamie Strandboge |
cloud-init (Ubuntu): status |
New |
Triaged |
|
| 2015-05-22 21:33:37 |
Ben Howard |
attachment added |
|
Patch for 12.04 https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4402677/+files/lp-1458052-redact-azure-password |
|
| 2015-05-26 16:13:10 |
Ben Howard |
attachment added |
|
Patch for Trusty https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404921/+files/trusty.patch |
|
| 2015-05-26 16:13:36 |
Ben Howard |
attachment added |
|
Debdiff for Trusty https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404922/+files/trusty-deb.diff |
|
| 2015-05-26 16:13:57 |
Ben Howard |
attachment added |
|
Patch for Utopic https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404923/+files/utopic.patch |
|
| 2015-05-26 16:14:21 |
Ben Howard |
attachment added |
|
Debdiff for Utopic https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404924/+files/utopic-deb.diff |
|
| 2015-05-26 16:14:43 |
Ben Howard |
attachment added |
|
Patch for Vivid https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404925/+files/vivid.patch |
|
| 2015-05-26 16:15:04 |
Ben Howard |
attachment added |
|
Debdiff for Vivid https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1458052/+attachment/4404926/+files/vivid-deb.diff |
|
| 2015-05-26 23:16:40 |
Ben Howard |
nominated for series |
|
Ubuntu Precise |
|
| 2015-05-26 23:16:40 |
Ben Howard |
bug task added |
|
cloud-init (Ubuntu Precise) |
|
| 2015-05-26 23:16:40 |
Ben Howard |
nominated for series |
|
Ubuntu Trusty |
|
| 2015-05-26 23:16:40 |
Ben Howard |
bug task added |
|
cloud-init (Ubuntu Trusty) |
|
| 2015-05-26 23:16:40 |
Ben Howard |
nominated for series |
|
Ubuntu Vivid |
|
| 2015-05-26 23:16:40 |
Ben Howard |
bug task added |
|
cloud-init (Ubuntu Vivid) |
|
| 2015-05-26 23:16:40 |
Ben Howard |
nominated for series |
|
Ubuntu Utopic |
|
| 2015-05-26 23:16:40 |
Ben Howard |
bug task added |
|
cloud-init (Ubuntu Utopic) |
|
| 2015-05-26 23:21:07 |
Ben Howard |
description |
When provisioning a virtual machine on Azure, a user password may be provided. Cloud-init retrieves the password via ovf-env.xml (stored on a CDROM) which is then written to /var/lib/waagent/ovf-env.xml for later consumption by the WALinuxAgent. After first boot provisioning the user password is not needed by cloud-init.
While the password is stored in plain text on disk, the password is _NOT_ accessible to a non-privelaged user. Both the directory and the file
itself are read-only:
$ stat /var/lib/waagent/
File: ‘/var/lib/waagent/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2532 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:11.341805500 +0000
Change: 2015-04-13 11:44:11.341805500 +0000
Birth: -
$ sudo stat /var/lib/waagent/ovf-env.xml
File: ‘/var/lib/waagent/ovf-env.xml’
Size: 1633 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 2556 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:08.021992200 +0000
Change: 2015-04-13 11:44:08.021992200 +0000
Birth: -
Canonical's guidance on this matter is that any password provided by a fabric is inherently insecure; users should leverage SSH keys. |
SRU Justification
[IMPACT] When provisioning a virtual machine on Azure, a user password may be provided. Cloud-init retrieves the password via ovf-env.xml (stored on a CDROM) which is then written to /var/lib/waagent/ovf-env.xml for later consumption by the WALinuxAgent. After first boot provisioning the user password is not needed by cloud-init.
While the password is stored in plain text on disk, the password is _NOT_ accessible to a non-privelaged user. Both the directory and the file
itself are read-only:
$ stat /var/lib/waagent/
File: ‘/var/lib/waagent/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2532 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:11.341805500 +0000
Change: 2015-04-13 11:44:11.341805500 +0000
Birth: -
$ sudo stat /var/lib/waagent/ovf-env.xml
File: ‘/var/lib/waagent/ovf-env.xml’
Size: 1633 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 2556 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-04-13 11:44:08.021992200 +0000
Modify: 2015-04-13 11:44:08.021992200 +0000
Change: 2015-04-13 11:44:08.021992200 +0000
Birth: -
[GUIDANCE STATEMENT] Canonical's guidance on this matter is that any password provided by a fabric is inherently insecure; users should leverage SSH keys.
[Regression Potential] As this is a backport of the 15.10 Datasource, there is a medium regression potential. The 15.10 Datasource fixes a number of Azure provisioning bugs and is thus desirable.
The updated Datasource includes additional automated testing to confirm code quality.
[TEST Case 1] Upgrade from proposed
1. Install cloud-init from -proposed
2. Shutdown and capture VM
3. Launch captured VM
4. Confirm that the user password is set to "REDACTED" in /var/lib/waagent/ovf-env.xml
[TEST Case 2] New build from proposed
1. Build image from proposed
2. Launch new VM
3. Confirm that the user password is set to "REDACTED" in /var/lib/waagent/ovf-env.xml |
|
| 2015-05-27 20:19:09 |
Ben Howard |
bug |
|
|
added subscriber Stéphane Graber |
| 2015-05-28 00:15:35 |
Seth Arnold |
information type |
Private Security |
Public Security |
|
| 2015-05-28 00:24:30 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2015-05-29 12:40:44 |
Ben Howard |
cloud-init (Ubuntu Vivid): importance |
Undecided |
High |
|
| 2015-05-29 12:40:46 |
Ben Howard |
cloud-init (Ubuntu Utopic): importance |
Undecided |
High |
|
| 2015-05-29 12:40:50 |
Ben Howard |
cloud-init (Ubuntu Trusty): importance |
Undecided |
High |
|
| 2015-05-29 12:40:52 |
Ben Howard |
cloud-init (Ubuntu Precise): importance |
Undecided |
High |
|
| 2015-05-29 12:40:55 |
Ben Howard |
cloud-init (Ubuntu Vivid): status |
New |
Fix Released |
|
| 2015-05-29 12:40:59 |
Ben Howard |
cloud-init (Ubuntu Vivid): assignee |
|
Ben Howard (utlemming) |
|
| 2015-05-29 12:41:01 |
Ben Howard |
cloud-init (Ubuntu Utopic): assignee |
|
Ben Howard (utlemming) |
|
| 2015-05-29 12:41:03 |
Ben Howard |
cloud-init (Ubuntu Trusty): assignee |
|
Ben Howard (utlemming) |
|
| 2015-05-29 12:41:05 |
Ben Howard |
cloud-init (Ubuntu Precise): assignee |
|
Ben Howard (utlemming) |
|
| 2015-05-29 14:55:09 |
Ben Howard |
summary |
Azure Datasource writes user password in plain text |
[SRU] Azure Datasource writes user password in plain text |
|
| 2015-05-29 14:55:19 |
Ben Howard |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2015-05-29 16:48:47 |
Brian Murray |
cloud-init (Ubuntu): status |
Triaged |
Fix Released |
|
| 2015-05-29 16:48:51 |
Brian Murray |
cloud-init (Ubuntu Vivid): status |
Fix Released |
In Progress |
|
| 2015-05-29 16:49:35 |
Brian Murray |
cloud-init (Ubuntu): status |
Fix Released |
Triaged |
|
| 2015-05-29 17:02:05 |
Brian Murray |
cloud-init (Ubuntu): status |
Triaged |
Fix Released |
|
| 2015-05-29 17:02:49 |
Brian Murray |
cloud-init (Ubuntu Vivid): status |
In Progress |
Fix Committed |
|
| 2015-05-29 17:02:52 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2015-05-29 17:02:57 |
Brian Murray |
tags |
patch |
patch verification-needed |
|
| 2015-05-29 17:23:22 |
Brian Murray |
cloud-init (Ubuntu Utopic): status |
New |
Fix Committed |
|
| 2015-05-29 17:25:17 |
Brian Murray |
cloud-init (Ubuntu Trusty): status |
New |
Fix Committed |
|
| 2015-06-01 17:55:11 |
Ben Howard |
tags |
patch verification-needed |
patch verification-done |
|
| 2015-06-08 15:06:33 |
Launchpad Janitor |
cloud-init (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2015-06-08 15:06:46 |
Adam Conrad |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2015-06-08 15:06:53 |
Launchpad Janitor |
cloud-init (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
| 2015-06-08 15:07:01 |
Launchpad Janitor |
cloud-init (Ubuntu Vivid): status |
Fix Committed |
Fix Released |
|
| 2015-06-08 19:09:27 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/vivid/cloud-init |
|
| 2015-06-16 20:07:42 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty/cloud-init |
|
| 2015-08-26 23:25:03 |
Patricia Gaughen |
cloud-init (Ubuntu): status |
Fix Released |
Fix Committed |
|
| 2015-09-22 16:39:27 |
Stéphane Graber |
cloud-init (Ubuntu Precise): status |
New |
Fix Committed |
|
| 2015-09-22 16:39:31 |
Stéphane Graber |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2015-09-22 16:39:39 |
Stéphane Graber |
tags |
patch verification-done |
patch |
|
| 2015-09-22 16:39:40 |
Stéphane Graber |
tags |
patch |
patch verification-needed |
|
| 2015-09-23 17:14:34 |
Ben Howard |
tags |
patch verification-needed |
patch verification-done |
|
| 2015-09-28 16:03:34 |
Launchpad Janitor |
cloud-init (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2015-11-09 20:07:50 |
Stéphane Graber |
removed subscriber Stéphane Graber |
|
|
|
| 2016-04-05 13:57:45 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/cloud-init |
|
| 2016-04-21 15:19:51 |
Ben Howard |
cloud-init (Ubuntu): status |
Fix Committed |
Fix Released |
|
