Bug #5149

Potential security risk in RAW field in templates!

Added by kvaps kvaps over 3 years ago. Updated over 3 years ago.

Status:ClosedStart date:05/10/2017
Priority:HighDue date:
Assignee:Javi Fontan% Done:

0%

Category:Core & System
Target version:Release 5.4
Resolution:fixed Pull request:
Affected Versions:OpenNebula 4.0, OpenNebula 4.10, OpenNebula 4.12, OpenNebula 4.14, OpenNebula 4.2, OpenNebula 4.4, OpenNebula 4.6, OpenNebula 4.8, OpenNebula 5.0, OpenNebula 5.2

Description

Be careful if you allow users to create templates byself.
It may be very dangerous even if you disabled this other-tab in sunstone interface, advanced view may be used for todo this.

User can do anything with this field, for example:

Passthrough host filesystem:

RAW = [
  DATA = "<devices>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/'/>
      <target dir='hostroot'/>
    </filesystem>
  </devices>",
TYPE = "kvm" ]

Then inside vm:

mount hostroot /mnt/ -t 9p -o trans=virtio

- You can get access to some files on the host accessed from the libvirt user.
- You can get access to /var/lib/one/datastores and can get access to data of vm's that not owned by you.
- You can dump other vm disks and get access to passwords of web-services or databases of other users.

- You can create big file on the host and attach it as vm disk.
- You can create internal network interface and get access to vnc consoles of all vm's and other services in your internal network.

And this is only part of the thoughts to what it can lead...

Associated revisions

Revision 8f11a1d6
Added by Abel Coronado over 3 years ago

F #5149 Removed autorefresh option (#302)

Revision 7edd0675
Added by Abel Coronado over 3 years ago

Bug #5149 Removed autorefresh option in sunstone-config (#303)

Revision e646b2eb
Added by Javi Fontan over 3 years ago

B #5149: set RAW as a restricted attribute

Revision 33b7c27d
Added by Javi Fontan over 3 years ago

B #5149: add RAW as restricted attribute

History

#1 Updated by kvaps kvaps over 3 years ago

  • Private changed from Yes to No

Hello,

Ruben is answered me about this issue:
This is may be solved by adding this option into oned.conf:

VM_RESTRICTED_ATTR = "RAW" 

I think we need to include this option by default into oned.conf
So I'm directing this issue for this.

#2 Updated by Ruben S. Montero over 3 years ago

  • Target version set to Release 5.4
  • Resolution deleted (wontfix)

#3 Updated by Abel Coronado over 3 years ago

  • Assignee set to Abel Coronado

#4 Updated by Abel Coronado over 3 years ago

  • % Done changed from 0 to 100

#5 Updated by Abel Coronado over 3 years ago

  • Assignee deleted (Abel Coronado)
  • % Done changed from 100 to 0

#6 Updated by Ruben S. Montero over 3 years ago

  • Assignee set to Javi Fontan

#7 Updated by Javi Fontan over 3 years ago

  • Status changed from Pending to Closed
  • Resolution set to fixed

Added restricted attribute to both 5.2 and master branches.

Also available in: Atom PDF