OpenStack Compute (nova)

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1031311
Comment #19

Comment 19 for bug 1031311

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-08-07: Fix merged to nova (master)

#19

Reviewed: https://review.openstack.org/10951
Committed: http://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3
Submitter: Jenkins
Branch: master

commit ce4b2e27be45a85b310237615c47eb53f37bb5f3
Author: Pádraig Brady <email address hidden>
Date: Tue Jul 31 14:05:35 2012 +0100

Prohibit file injection writing to host filesystem

    This is a refinement of the previous fix in commit 2427d4a9,
    which does the file name canonicalization as the root user.
    This is required so that guest images could not for example,
    protect malicious symlinks in a directory only readable by root.

Fixes bug: 1031311, CVE-2012-3447
Change-Id: I7f7cdeeffadebae7451e1e13f73f1313a7df9c5c