Insecure rootwrap usage
Bug #1700501 reported by
Tristan Cacqueray
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Undecided
|
Unassigned | ||
OpenStack Compute (nova) |
Incomplete
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Shared File Systems Service (Manila) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Reported by Benjamin Deuter of SUSE:
Some rootwrap filters are too permissive and allow privilege escalation from service user, as explained here:
https:/
For example this shouldn't be authorized:
sudo nova-rootwrap /etc/nova/
Changed in ossa: | |
status: | Incomplete → Won't Fix |
Changed in manila: | |
status: | New → Incomplete |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.