Potential security risk in RAW field in templates!
|Assignee:||Javi Fontan||% Done:|
|Category:||Core & System|
|Target version:||Release 5.4|
|Affected Versions:||OpenNebula 4.0, OpenNebula 4.10, OpenNebula 4.12, OpenNebula 4.14, OpenNebula 4.2, OpenNebula 4.4, OpenNebula 4.6, OpenNebula 4.8, OpenNebula 5.0, OpenNebula 5.2|
Be careful if you allow users to create templates byself.
It may be very dangerous even if you disabled this
other-tab in sunstone interface, advanced view may be used for todo this.
User can do anything with this field, for example:
Passthrough host filesystem:
RAW = [ DATA = "<devices> <filesystem type='mount' accessmode='passthrough'> <source dir='/'/> <target dir='hostroot'/> </filesystem> </devices>", TYPE = "kvm" ]
Then inside vm:
mount hostroot /mnt/ -t 9p -o trans=virtio
- You can get access to some files on the host accessed from the
- You can get access to
/var/lib/one/datastores and can get access to data of vm's that not owned by you.
- You can dump other vm disks and get access to passwords of web-services or databases of other users.
- You can create big file on the host and attach it as vm disk.
- You can create internal network interface and get access to vnc consoles of all vm's and other services in your internal network.
And this is only part of the thoughts to what it can lead...
#1 Updated by kvaps kvaps about 4 years ago
- Private changed from Yes to No
Ruben is answered me about this issue:
This is may be solved by adding this option into oned.conf:
VM_RESTRICTED_ATTR = "RAW"
I think we need to include this option by default into oned.conf
So I'm directing this issue for this.