Bug 1813429 - tests image requires /etc/passwd be writable
Summary: tests image requires /etc/passwd be writable
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Test Infrastructure
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.4.0
Assignee: Clayton Coleman
QA Contact:
URL:
Whiteboard:
Depends On: 1813428
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-13 19:11 UTC by Clayton Coleman
Modified: 2020-05-15 00:24 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1813428
Environment:
Last Closed: 2020-05-15 00:24:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift origin pull 24691 0 None closed [release-4.4] Bug 1813429: Restore globally-writeable /etc/passwd in tests image 2020-05-14 23:52:33 UTC

Description Clayton Coleman 2020-03-13 19:11:44 UTC
+++ This bug was initially created as a clone of Bug #1813428 +++

https://bugzilla.redhat.com/show_bug.cgi?id=1793287 removed the writable /etc/passwd which is required by the test infra.  I am reverting the change and back porting to 4.4 because this blocks our disruptive testing.

The underlying issue is not a cve, it is trivial for any container launcher to gain control of /etc/passwd.  The tests image is intended for a wide range of uses and this use is deliberate until we have moved all test infra to a 4.x version.

Comment 4 Steve Kuznetsov 2020-05-15 00:24:13 UTC
This merged but is not something QE verifies.


Note You need to log in before you can comment on or make changes to this bug.