lujiefsi opened a new pull request #5066:
URL: https://github.com/apache/cloudstack/pull/5066
### Description
I think there is a potential securiry issuse in
createUniqDir#JavaStorageLayer
public File createUniqDir() {
String dirName = System.getProperty("java.io.tmpdir");
if (dirName != null) {
File dir = new File(dirName);
if (dir.exists()) {
String uniqDirName = dir.getAbsolutePath() + File.separator
+ UUID.randomUUID().toString();
if (mkdir(uniqDirName)) {
return new File(uniqDirName);
}
}
}
return null;
}
So if a user do not specify the "java.io.tmpdir", we will use the default
tmp dir "/tmp" whose mode is 777. Even users specify the "java.io.tmpdir", they
may also forget to set the file mode as 700, hence the tmp dir is still
worldreadable. Our code then create create UniqDir in tmp dir, and it is also
worldreadable.
createUniqDir will be called by swiftUploadMetadataFile and
registerTemplateOnSwift in NfsSecondaryStorageResource. Hence the MetadataFile
will be written in tmp dir and is also worldreadable.
Hum, assums that cloudstack runs on a server as root, and there are also
some regualr users on this server. These regualr users (they even do not
belong to cloudstack group) can read these medadatafile, which is undesirable.
I think this is similar to
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908 .
This PR will remind users to use correct permission for tmp dir.
<!--- Describe your changes in DETAIL - And how has behaviour functionally
changed. -->
<!-- For new features, provide link to FS, dev ML discussion etc. -->
<!-- In case of bug fix, the expected and actual behaviours, steps to
reproduce. -->
<!-- When "Fixes: #<id>" is specified, the issue/PR will automatically be
closed when this PR gets merged -->
<!-- For addressing multiple issues/PRs, use multiple "Fixes: #<id>" -->
<!-- Fixes: # -->
<!---
*********************************************************************************
-->
<!--- NOTE: AUTOMATATION USES THE DESCRIPTIONS TO SET LABELS AND PRODUCE
DOCUMENTATION. -->
<!--- PLEASE PUT AN 'X' in only **ONE** box -->
<!---
*********************************************************************************
-->
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
### Feature/Enhancement Scale or Bug Severity
#### Feature/Enhancement Scale
- [x] Major
- [ ] Minor
#### Bug Severity
- [ ] BLOCKER
- [x] Critical
- [ ] Major
- [ ] Minor
- [ ] Trivial
### Screenshots (if appropriate):
### How Has This Been Tested?
<!-- Please describe in detail how you tested your changes. -->
<!-- Include details of your testing environment, and the tests you ran to
-->
<!-- see how your change affects other areas of the code, etc. -->
<!-- Please read the
[CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md)
document -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
