** Also affects: nova/newton
   Importance: Undecided
       Status: New

** Changed in: nova/newton
   Importance: Undecided => Medium

** Changed in: nova/newton
       Status: New => In Progress

** Changed in: nova/newton
     Assignee: (unassigned) => Lee Yarwood (lyarwood)

** Changed in: nova
   Importance: Undecided => Medium

You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).

  re-runs self via sudo

Status in Cinder:
  Fix Released
Status in Designate:
  In Progress
Status in ec2-api:
  In Progress
Status in gce-api:
  In Progress
Status in Manila:
  In Progress
Status in masakari:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) newton series:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix
Status in Rally:
  In Progress

Bug description:
  Hello, I'm looking through Designate source code to determine if is
  appropriate to include in Ubuntu Main. This isn't a full security

  This looks like trouble:


  def main():

          utils.read_config('designate', sys.argv)
          logging.setup(CONF, 'designate')
      except cfg.ConfigFilesNotFoundError:
          cfgfile = CONF.config_file[-1] if CONF.config_file else None
          if cfgfile and not os.access(cfgfile, os.R_OK):
              st = os.stat(cfgfile)
              print(_("Could not read %s. Re-running with sudo") % cfgfile)
                  os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + 
              except Exception:
                  print(_('sudo failed, continuing as if nothing happened'))

          print(_('Please re-run designate-manage as root.'))

  This is an interesting decision -- if the configuration file is _not_ 
readable by the user in question, give the executing user complete privileges 
of the user that owns the unreadable file.

  I'm not a fan of hiding privilege escalation / modifications in
  programs -- if a user had recently used sudo and thus had the
  authentication token already stored for their terminal, this 'hidden'
  use of sudo may be unexpected and unwelcome, especially since it
  appears that argv from the first call leaks through to the sudo call.

  Is this intentional OpenStack style? Or unexpected for you guys too?

  (Feel free to make this public at your convenience.)


To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to