Description of problem:
When running a VM via Run Once with Cloud-Init, the created config-drive CD image is world-readable. Since it contains sensitive information such as the root password or SSH authorized key, it should not be readable by everyone.

Version-Release number of selected component (if applicable):
rhevm-3.3.0-0.35.beta1.el6ev.noarch (is24)

How reproducible:
100%

Steps to Reproduce:
1. In Webadmin, have a VM and run it via Run Once with some values in the Initial Run/Cloud-Init section.
2. On the host the VM is running on, search the qemu process for the attached CD-ROM image file (ps aux | grep [q]emu | grep cdrom). It looks like:
-drive file=/var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img,if=none,media=cdrom,id=drive-ide0-1-1,readonly=on,format=raw,serial=
3. Check the permissions of the CD-ROM image file.

Actual results:
# ls -l /var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img
-rw-r--r--. 1 vdsm qemu 366592 21. lis 17.33 /var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.81b3df31f8697cbeb6accd60218166b7.img
# ^^^ the permission is 644

Expected results:
The .img file should be readable only by vdsm:qemu, not by everyone; the permission should be set to 640.

Additional info:
Verified upstream in ovirt-engine-3.4.0-0.7.beta2.el6.noarch. Following the reproducer in comment 0 for verification.

Results:
The attached CD image file is now no longer world-readable:

# ps aux | grep [q]emu | grep cdrom
qemu 9377 58.4 0.4 1568208 32880 ? Sl 11:59 0:08 /usr/libexec/qemu-kvm -name cloudy -S -M rhel6.5.0 -cpu Penryn -enable-kvm -m 1024 [...snip...] -drive file=/var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img,if=none,media=cdrom [...snip...]
# ls -l /var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img
-rw-r-----. 1 vdsm qemu 366592 Feb 18 11:59 /var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img
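The report above describes the defect (a config-drive image holding cloud-init secrets created with mode 644) and the verification comment confirms the fix (mode 640). The following Python is an added example, not code from vdsm, ovirt-engine or the reporter: it shows the file-creation pattern that never leaves a world-readable image on disk, even transiently, and an audit over a payload directory that flags images whose other-read bit is set, which is the check the reporter did by eye with ls -l. It runs against a constructed temporary directory; the helper names (write_payload_image, find_world_readable, mode_under_umask, demo), the cloud-config content and the file names are assumptions for illustration, and ownership (vdsm:qemu on a real host) is deliberately left out because chown needs privileges the example does not assume.

```python
import os
import stat
import tempfile

# Added illustration (not vdsm code): create a config-drive image that is never
# world-readable, and audit a payload directory for images that still are.


def write_payload_image(path, data, mode=0o640):
    """Create the image at `path` with permission bits `mode` (default 0640).

    The file is created with O_EXCL and the requested mode in the same open()
    call, so no world-readable file ever exists on disk, not even briefly
    before a later chmod (and O_EXCL refuses to follow a pre-planted symlink).
    The umask can only clear bits from `mode`, never add them, so the fchmod()
    afterwards only restores the intended mode when the umask was stricter.
    Ownership (vdsm:qemu in the report) is left to the caller.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def file_mode(path):
    """Permission bits of `path`, e.g. 0o640 for -rw-r-----."""
    return stat.S_IMODE(os.stat(path).st_mode)


def find_world_readable(directory, suffix=".img"):
    """Return [(path, mode)] for regular files under `directory` ending in
    `suffix` whose 'other' read bit (S_IROTH) is set: -rw-r--r-- is flagged,
    -rw-r----- is not."""
    hits = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(suffix):
            continue
        full = os.path.join(directory, name)
        st = os.stat(full)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
            hits.append((full, stat.S_IMODE(st.st_mode)))
    return hits


def mode_under_umask(umask_value):
    """Write an image with `umask_value` in force and return its mode, to show
    that write_payload_image() yields 0o640 whether the umask is 022 or 077."""
    directory = tempfile.mkdtemp(prefix="payload-umask-")
    old = os.umask(umask_value)
    try:
        path = write_payload_image(os.path.join(directory, "img.img"), b"x")
    finally:
        os.umask(old)
    return file_mode(path)


def demo():
    """Constructed scenario: a temporary payload directory holding one image
    written the pre-fix way (plain open() then chmod 0644, as in the report)
    and one written with write_payload_image(). Returns (audit_hits, modes)."""
    payload = tempfile.mkdtemp(prefix="payload-")
    # Constructed cloud-config content standing in for the real config drive.
    secret = (b"#cloud-config\npassword: example-only\n"
              b"ssh_authorized_keys:\n  - ssh-rsa AAAA...example\n")
    old = os.path.join(payload, "old.img")
    with open(old, "wb") as f:
        f.write(secret)
    os.chmod(old, 0o644)  # the 644 the report shows
    new = write_payload_image(os.path.join(payload, "fixed.img"), secret)
    return find_world_readable(payload), (file_mode(old), file_mode(new))


if __name__ == "__main__":
    hits, (old_mode, new_mode) = demo()
    for path, mode in hits:
        print("world-readable payload image: %s (%s)" % (path, oct(mode)))
    print("old mode %s, fixed mode %s" % (oct(old_mode), oct(new_mode)))
```

Run it as a script: it reports old.img as world-readable (0o644) and fixed.img as 0o640. On a real host the same audit would be pointed at /var/run/vdsm/payload; the point of creating the file with the mode in the open() call rather than chmod afterwards is that there is no window during which another local user can open the image and read the credentials out of it.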
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0504.html