Hi! While reviewing OpenNebula's source (3.0.0) I found some craziness. It seems to create world writable files and directories.
tm_mad/shared/tm_ln.sh:42:exec_and_log "chmod a+w $DST_DIR" tm_mad/shared/tm_mkimage.sh:45:exec_and_log "chmod a+rw $DST_PATH" tm_mad/shared/tm_clone.sh:44:exec_and_log "chmod a+w $DST_DIR" tm_mad/shared/tm_clone.sh:60:exec_and_log "chmod a+rw $DST_PATH" tm_mad/shared/tm_mkswap.sh:40:exec_and_log "chmod a+w $DST_DIR" tm_mad/shared/tm_mkswap.sh:50:exec_and_log "chmod a+w $DST_PATH" tm_mad/lvm/tm_mkimage.sh:38:exec_and_log "$SSH $DST_HOST chmod a+rw $DST_PATH" tm_mad/lvm/tm_mkswap.sh:42:exec_and_log "$SSH $DST_HOST chmod a+w $DST_PATH" tm_mad/ssh/tm_mkimage.sh:41:exec_and_log "$SSH $DST_HOST chmod a+rw $DST_PATH" tm_mad/ssh/tm_clone.sh:60:exec_and_log "$SSH $DST_HOST chmod a+rw $DST_PATH" tm_mad/ssh/tm_mkswap.sh:44:exec_and_log "$SSH $DST_HOST chmod a+w $DST_PATH" vm/VirtualMachine.cc:154: chmod(oss.str().c_str(), 0777); vm/VirtualMachine.cc:153: mkdir(oss.str().c_str(), 0777); vmm_mad/remotes/kvm/save:27: chmod 666 $file This has to get fixed, it's security risk! -- Thanks, //richard _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
