Bug #5149
Potential security risk in RAW field in templates!
| Status: | Closed | Start date: | 05/10/2017 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | Javi Fontan | % Done: | 0% |
| Category: | Core & System | | |
| Target version: | Release 5.4 | | |
| Resolution: | fixed | Pull request: | |
| Affected Versions: | OpenNebula 4.0, OpenNebula 4.10, OpenNebula 4.12, OpenNebula 4.14, OpenNebula 4.2, OpenNebula 4.4, OpenNebula 4.6, OpenNebula 4.8, OpenNebula 5.0, OpenNebula 5.2 | | |
Description
Be careful if you allow users to create templates by themselves.
It may be very dangerous: even if you disabled this other-tab
in the Sunstone interface, the advanced view may be used to do this.
A user can do anything with this field, for example:
Passthrough host filesystem:
RAW = [ DATA = "<devices> <filesystem type='mount' accessmode='passthrough'> <source dir='/'/> <target dir='hostroot'/> </filesystem> </devices>", TYPE = "kvm" ]
Then inside vm:
mount hostroot /mnt/ -t 9p -o trans=virtio
- You can get access to some files on the host that are accessible to the libvirt user.
- You can get access to /var/lib/one/datastores and can get access to the data of VMs that are not owned by you.
- You can dump other VM disks and get access to passwords of web services or databases of other users.
- You can create a big file on the host and attach it as a VM disk.
- You can create an internal network interface and get access to the VNC consoles of all VMs and other services in your internal network.
And this is only part of what it can lead to...
Associated revisions
B #5149: set RAW as a restricted attribute
B #5149: add RAW as restricted attribute
History
#1 Updated by kvaps kvaps about 4 years ago
- Private changed from Yes to No
Hello,
Ruben answered me about this issue:
This may be solved by adding this option to oned.conf:
VM_RESTRICTED_ATTR = "RAW"
I think we need to include this option by default in oned.conf.
So I'm directing this issue for this.
#2 Updated by Ruben S. Montero about 4 years ago
- Target version set to Release 5.4
- Resolution deleted (wontfix)
#3 Updated by Abel Coronado about 4 years ago
- Assignee set to Abel Coronado
#4 Updated by Abel Coronado about 4 years ago
- % Done changed from 0 to 100
#5 Updated by Abel Coronado about 4 years ago
- Assignee deleted (Abel Coronado)
- % Done changed from 100 to 0
#6 Updated by Ruben S. Montero about 4 years ago
- Assignee set to Javi Fontan
#7 Updated by Javi Fontan almost 4 years ago
- Status changed from Pending to Closed
- Resolution set to fixed
Added restricted attribute to both 5.2 and master branches.
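
A defender-side audit for the issue discussed on this page, as an added example (not OpenNebula code): it checks whether an oned.conf text lists RAW under VM_RESTRICTED_ATTR and reports the devices that a template's RAW DATA would add to the libvirt domain. The function names and the oned.conf fragments are assumptions constructed for illustration; the first template is the one from the description.

```python
import re
import xml.etree.ElementTree as ET

# Uncommented oned.conf entries of the form: VM_RESTRICTED_ATTR = "NAME"
RESTRICTED_RE = re.compile(r'^[ \t]*VM_RESTRICTED_ATTR\s*=\s*"([^"]*)"', re.M)
# DATA value inside a RAW = [ ... ] vector attribute (backslash-escaped quotes allowed)
RAW_DATA_RE = re.compile(
    r'\bRAW\s*=\s*\[[^\]]*?\bDATA\s*=\s*"((?:[^"\\]|\\.)*)"', re.S | re.I)

def raw_is_restricted(oned_conf):
    """True if the oned.conf text lists RAW among the VM restricted attributes."""
    return "RAW" in {name.strip().upper() for name in RESTRICTED_RE.findall(oned_conf)}

def raw_devices(template):
    """Return (device_tag, source_attributes) for each device a template's RAW data adds."""
    found = []
    for data in RAW_DATA_RE.findall(template):
        xml = data.replace('\\"', '"')
        try:
            # Wrapping in a root element also makes any embedded DOCTYPE a parse error.
            root = ET.fromstring("<raw>" + xml + "</raw>")
        except ET.ParseError:
            found.append(("unparseable", {}))  # flag for manual review
            continue
        for devices in root.iter("devices"):
            for dev in devices:
                src = dev.find("source")
                found.append((dev.tag, dict(src.attrib) if src is not None else {}))
    return found

# Constructed oned.conf fragments: one without the setting, one with it.
CONF_BEFORE = '# VM_RESTRICTED_ATTR = "RAW"\nVM_RESTRICTED_ATTR = "NIC/MAC"\n'
CONF_AFTER = CONF_BEFORE + 'VM_RESTRICTED_ATTR = "RAW"\n'
# The template from the description, plus a constructed template without RAW.
TEMPLATE_REPORTED = ('NAME = "t1"\nRAW = [ DATA = "<devices> <filesystem type=\'mount\' '
                     'accessmode=\'passthrough\'> <source dir=\'/\'/> <target dir=\'hostroot\'/> '
                     '</filesystem> </devices>", TYPE = "kvm" ]\n')
TEMPLATE_PLAIN = 'NAME = "t2"\nCPU = "1"\nMEMORY = "512"\n'

if __name__ == "__main__":
    print(raw_is_restricted(CONF_BEFORE), raw_is_restricted(CONF_AFTER))
    print(raw_devices(TEMPLATE_REPORTED), raw_devices(TEMPLATE_PLAIN))
```

Running `raw_devices` over templates that already exist is useful after the setting is enabled, since restricting the attribute does not by itself show which stored templates carry RAW data.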