[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated CLOUDSTACK-10436:
-------------------------------
    Description: 
I think there is a potential security issue in createUniqDir#JavaStorageLayer

 
{code:java}
    public File createUniqDir() {
        String dirName = System.getProperty("java.io.tmpdir");
        if (dirName != null) {
            File dir = new File(dirName);
            if (dir.exists()) {
                String uniqDirName = dir.getAbsolutePath() + File.separator + UUID.randomUUID().toString();
                if (mkdir(uniqDirName)) {
                    return new File(uniqDirName);
                }
            }
        }
        return null;
    }
{code}
So if a user does not specify the "java.io.tmpdir", we will use the default tmp 
dir "/tmp" whose mode is 777. Even if users specify the "java.io.tmpdir", they may 
also forget to set the file mode to 700, hence the tmp dir is still 
world-readable. Our code then creates the UniqDir in the tmp dir, and it is also 
world-readable.

 

createUniqDir will be called by swiftUploadMetadataFile and 
registerTemplateOnSwift in NfsSecondaryStorageResource. Hence the MetadataFile 
will be written in the tmp dir and is also world-readable. 

 

Hmm, assume that CloudStack runs on a server as root, and there are also some 
regular users on this server. These regular users can read these metadata files, 
which is undesirable.

 

I think this is similar to 
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908] . 

 

Hoping for discussion.

 

 

 

  was:
I think there is a potential security issue in createUniqDir#JavaStorageLayer

 


> We need remind users to use correct permission for tmp dir
> ----------------------------------------------------------
>
>                 Key: CLOUDSTACK-10436
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10436
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: lujie
>            Priority: Critical
>              Labels: security-issue
>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
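
A hardened counterpart to the createUniqDir quoted in the issue, as an added example (not CloudStack's code and not a fix taken from the project): the directory is created owner-only in a single call and the result is verified. It assumes a POSIX file system; the class name PrivateTempDir, the method createPrivateUniqDir, the "cs-" prefix and the sample file name are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class PrivateTempDir {
    // rwx------ (0700): only the owning account may list, enter or write.
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    // Hypothetical replacement for createUniqDir(); assumes a POSIX file system.
    public static Path createPrivateUniqDir() throws IOException {
        String tmp = System.getProperty("java.io.tmpdir");
        if (tmp == null || !Files.isDirectory(Paths.get(tmp))) {
            throw new IOException("java.io.tmpdir is not a usable directory");
        }
        FileAttribute<Set<PosixFilePermission>> mode =
                PosixFilePermissions.asFileAttribute(OWNER_ONLY);
        // The mode is passed to the directory-creation call itself, so the
        // directory never exists with wider, umask-derived permissions.
        Path dir = Files.createTempDirectory(Paths.get(tmp), "cs-", mode);
        // Fail closed if the file system did not honour the requested mode.
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(dir);
        if (!actual.equals(OWNER_ONLY)) {
            Files.delete(dir);
            throw new IOException("unexpected mode " + PosixFilePermissions.toString(actual));
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        Path dir = createPrivateUniqDir();
        // Constructed sample content standing in for a metadata file.
        Path meta = dir.resolve("metadata.sample");
        Files.write(meta, "uniquename=constructed-sample\n".getBytes(StandardCharsets.UTF_8));
        System.out.println(dir + " " + PosixFilePermissions.toString(Files.getPosixFilePermissions(dir)));
        // Other local accounts cannot reach meta: traversal stops at the 0700 parent.
        Files.delete(meta);
        Files.delete(dir);
    }
}
```

Because the parent directory is 0700, files written inside it are unreachable by other local accounts whatever their own mode bits are.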
