A vulnerability was discovered in OpenStack Nova, where the directories used to temporarily store live snapshots on Nova compute nodes were writeable to all local users. The issue has said to be surfaced due to a previous fix (https://review.openstack.org/gitweb?p=openstack%2Fnova.git;a=commitdiff;h=46de2d1e2d0abd6fdcd4da13facaf3225c721f5e), where the temporary directory was given 777 permissions, which could allow every user on the whole system to write there. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service. References: http://seclists.org/oss-sec/2013/q4/474 https://bugs.launchpad.net/nova/+bug/1227027
Created openstack-nova tracking bugs for this issue: Affects: fedora-all [bug 1040788] Affects: epel-6 [bug 1040789]
Fix information: Icehouse (development branch) fix: https://review.openstack.org/#/c/58852/ Havana fix: https://review.openstack.org/#/c/60548/ Grizzly fix: https://review.openstack.org/#/c/60550/
Salvatore Bonaccorso noted in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022 "From https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.2 and looking at nova/virt/libvirt/driver.py this looks it is fixed only in 2013.2.2." Is that a concern for anything Red Hat ships?
openstack-nova-2013.2.2-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html
openstack-nova-2013.1.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2014:0366 https://rhn.redhat.com/errata/RHSA-2014-0366.html