Tech Debt: possible symlink attack

Bug #1471376 reported by Sam Yaple
Affects: kolla
Status: Fix Released
Importance: Critical
Assigned to: Sam Yaple

Bug Description

https://review.openstack.org/#/c/196428/

The procedure here adds content to a file in /tmp with a static name. This file is not verified to exist in a secure manner.

Steven Dake (sdake)
Changed in kolla:
status: New → Triaged
importance: Undecided → Critical
milestone: none → liberty-2
Dave McCowan (dave-mccowan) wrote :

This page gives details on how to use temporary files securely.
https://ci.openstack.org/guidelines/dg_using-temporary-files-securely.html

Sam Yaple (s8m) wrote :

This isn't Python creating the file directly, but rather an Ansible module. Luckily this appears as if it can be pretty quickly fixed by simply ensuring the file exists as a file with proper permissions.

Sam Yaple (s8m)
Changed in kolla:
assignee: nobody → Sam Yaple (s8m)
status: Triaged → In Progress
Steven Dake (sdake) wrote :

Dave, do you think this review looks appropriate to fix the problem?

https://review.openstack.org/#/c/198520/

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/198520
Committed: https://git.openstack.org/cgit/stackforge/kolla/commit/?id=37ca7222bb83ff0de15c0502551b7e9e0960983a
Submitter: Jenkins
Branch: master

commit 37ca7222bb83ff0de15c0502551b7e9e0960983a
Author: Sam Yaple <email address hidden>
Date: Sun Jul 5 07:20:16 2015 +0000

    fix possible symlink attack with ansible

    The commands used to create a temporary file on the localhost were
    vulnerable to a symlink attack. Removing the shell module and ensuring
    the Ansible copy and file modules are used will verify this file exists as a
    file with the correct permissions and ownership.

    Change-Id: I829483edf1435e41726ebfe1bc826e0c2e5265e3
    Closes-Bug: 1471376

Changed in kolla:
status: In Progress → Fix Committed
Sam Yaple (s8m)
Changed in kolla:
status: Fix Committed → Fix Released
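The pattern the bug describes and the checks the fix relies on, as an added Python example that is not Kolla's code and does not use the Ansible copy and file modules the commit names: writing to a fixed, predictable name under /tmp through a plain open() follows an attacker-planted symlink, whereas verifying that the path is a regular, non-symlink file with the expected owner and mode, opening with O_NOFOLLOW, or creating the file with mkstemp() (the approach in the guideline Dave linked) avoids it. The placeholder path names, the `demo()` helper and the scratch directory are constructed for the example; it assumes a POSIX host where os.O_NOFOLLOW exists.

```python
import os
import stat
import tempfile
from typing import Optional

# Constructed placeholder, not a path from the bug: a fixed, predictable name
# under /tmp is exactly what an attacker can pre-create as a symlink.
STATIC_PATH = "/tmp/kolla-example-static-name"


def write_insecure(path: str, data: bytes) -> None:
    """The vulnerable pattern: open() follows a symlink at `path`, so a planted
    link redirects the privileged write to whatever the link points at."""
    with open(path, "wb") as fh:
        fh.write(data)


def is_safe_regular_file(path: str, expected_uid: Optional[int] = None) -> bool:
    """'Exists as a file with proper permissions and ownership': not a symlink,
    a regular file, owned by the expected uid, not writable by group/others."""
    try:
        st = os.lstat(path)  # lstat does not follow a symlink at the last component
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISREG(st.st_mode):
        return False
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def open_existing_nofollow(path: str) -> int:
    """Open a known path without following a final-component symlink; on Linux
    a symlink makes this raise OSError (ELOOP) instead of silently redirecting."""
    return os.open(path, os.O_WRONLY | os.O_NOFOLLOW)


def create_secure_tempfile(data: bytes, directory: Optional[str] = None) -> str:
    """Secure pattern: mkstemp() picks an unpredictable name and creates it with
    O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink cannot be reused."""
    fd, path = tempfile.mkstemp(prefix="kolla-example-", dir=directory)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def demo() -> dict:
    """Run both patterns in a private scratch directory and report the outcome."""
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim.conf")  # constructed target file
        with open(victim, "wb") as fh:
            fh.write(b"original")
        planted = os.path.join(work, "static-name")  # the predictable name
        os.symlink(victim, planted)

        # 1. naive write through the predictable name follows the link
        write_insecure(planted, b"clobbered")
        with open(victim, "rb") as fh:
            victim_after = fh.read()

        # 2. the type/ownership check rejects the planted path
        planted_ok = is_safe_regular_file(planted)

        # 3. O_NOFOLLOW refuses to open through the link
        try:
            os.close(open_existing_nofollow(planted))
            nofollow_refused = False
        except OSError:
            nofollow_refused = True

        # 4. mkstemp yields a fresh regular file that passes the same check
        secure = create_secure_tempfile(b"payload", directory=work)
        secure_ok = is_safe_regular_file(secure)
        secure_mode = stat.S_IMODE(os.lstat(secure).st_mode)

    return {
        "victim_clobbered": victim_after == b"clobbered",
        "planted_passes_check": planted_ok,
        "nofollow_refused": nofollow_refused,
        "secure_passes_check": secure_ok,
        "secure_mode": secure_mode,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in `is_safe_regular_file` mirrors what the commit message says the Ansible file and copy modules provide (a regular file with known ownership and mode); in an automation tool the same verification belongs in the module that creates the file, not in a separate step that can race against it.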