utils.execute uses potentially insecure shell=True
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Erica Windisch |
Bug Description
The shell=True argument to subprocess.Popen allows the execution of strings, passed to a sub-shell rather than executing programs directly via execvp. This can cause potential security vulnerabilities due to untrusted input. While it is not known if this is resulting in any current vulnerabilities, it would be practical and advisable to follow best practices, especially as many of the executed commands are run within a EUID=0 context (albeit, largely via 'sudo').
For these reasons, the subprocess module documentation itself advocates using the default, shell=False, as a best-practice.
I have marked this as a vulnerability, as it is potentially exploitable or could cause a vulnerability. I am currently working on a patch, which is approximately 75% complete (and untested).
visibility: | private → public |
Changed in nova: | |
assignee: | nobody → Eric Windisch (ewindisch) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in nova: | |
status: | In Progress → Fix Committed |
Changed in nova: | |
milestone: | none → 2011.2 |
status: | Fix Committed → Fix Released |
Action: Pushed branch, code untested.
Status: Suitable for testing.
Known bugs: Breaks AJAX console.