OpenStack Compute (nova)

  1. Bug #1031311
  2. Comment #20

Comment 20 for bug 1031311

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/essex)

Reviewed: https://review.openstack.org/10952
Committed: http://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368
Submitter: Jenkins
Branch: stable/essex

commit d9577ce9f266166a297488445b5b0c93c1ddb368
Author: Pádraig Brady <email address hidden>
Date: Tue Jul 31 14:05:35 2012 +0100

    Prohibit file injection writing to host filesystem

    This is a refinement of the previous fix in commit 2427d4a9,
    which does the file name canonicalization as the root user.
    This is required so that guest images could not for example,
    protect malicious symlinks in a directory only readable by root.

    Fixes bug: 1031311, CVE-2012-3447
    Change-Id: I7f7cdeeffadebae7451e1e13f73f1313a7df9c5c