review.fuel-infra Code Review - openstack-build/cinder-build.git/commit
Fix Scality SRB driver security concerns
author JordanP <jordan.pittier@scality.com>
Mon, 2 Feb 2015 13:36:52 +0000 (13:36 +0000)
committer JordanP <jordan.pittier@scality.com>
Thu, 12 Feb 2015 11:11:06 +0000 (12:11 +0100)
commit 114c84ae585c11c7e9492c96efa21570b6cd6b02
tree 41640e24c80c42ca6422655daea5ffbb1f0ea4b9
parent d4e75340ecd1b8a070b764626667ae47d561e26d
Fix Scality SRB driver security concerns

LP #1414531 raised 2 issues:
1) A potential arbitrary code execution if the Cinder Linux user
has write access to /etc/cinder/cinder.conf
2) An overall concern/question about the usage of the command
'sudo sh -c' throughout the srb driver

This patch fixes 1) with proper configuration validation and
2) with usage of cinder-rootwrap.

Closes-Bug: 1414531
Change-Id: Idddb9633af3a45d65bbfa0146a14575e2984f6bd
cinder/tests/test_srb.py
cinder/volume/drivers/srb.py
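
The two fixes named in the commit message, sketched as an added example; this is not the code from the commit. It assumes a hypothetical comma-separated URL option and a constructed sysfs-style path, and the function names are illustrative. The value is checked against an allow-list, then handed to a fixed command as data rather than spliced into a `sh -c` string.

```python
import re

# Allow-list for one URL: scheme, host, optional port and path.
# Anything outside these character classes (spaces, ';', '$', quotes,
# newlines) is rejected. \A and \Z anchor the whole string.
_URL_RE = re.compile(
    r"\Ahttps?://[A-Za-z0-9.\-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~/\-]*)?\Z"
)


class InvalidConfig(ValueError):
    """Raised when a configuration value fails validation."""


def validate_urls(raw):
    """Return the URLs in a comma-separated option value, or raise."""
    urls = [u.strip() for u in raw.split(",")]
    for url in urls:
        if not _URL_RE.match(url):
            raise InvalidConfig("rejected configuration value: %r" % url)
    return urls


def unsafe_command(raw, path):
    """Pattern questioned in the bug report: config text inside a shell string.

    Whatever the option contains is parsed by sh running as root.
    """
    return ["sudo", "sh", "-c", "echo " + raw + " > " + path]


def safe_command(raw, path):
    """Validated value as stdin data for a fixed argv.

    A fixed argv is something a root wrapper filter can match exactly;
    the value never passes through a shell parser.
    """
    value = ",".join(validate_urls(raw))
    return ["tee", path], value


if __name__ == "__main__":
    target = "/sys/class/example/add_urls"      # constructed path
    good = "http://a.example:8080/vol, https://b.example/"  # constructed
    print(safe_command(good, target))
    try:
        safe_command("http://a.example/; id", target)        # constructed
    except InvalidConfig as exc:
        print(exc)
```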