authorStan Lagun <slagun@mirantis.com>2017-11-22 02:00:41 -0800
committerStan Lagun <slagun@mirantis.com>2017-11-22 10:00:26 -0800
commit2468fb59395e04f5f06ab14e64834a4c1ae46984 (patch)
treef57530ec35e4f3f5418bda8513b03d45503c1a25
parent81335ac52049f97d373cc266f5b2931c807447b5 (diff)
Tighten access to runtime agent folders
Murano Agent uses default folder permissions for the execution plans and scripts. If the default is too permissive (which is unusual), other users on that machine can trick the agent into executing malicious execution plans by putting files into the queue folder, and use that to get root privileges. In the most common case users won't have write permissions to murano-agent folders. However, they can hijack execution plans and other data that might contain sensitive information. This commit sets 0700 mode on the agent runtime folders so that they can be accessed only by the user that runs the agent (+ the root, if it's someone else). Change-Id: I27f0495a509c4d1435d630e2bc5bfdf3549486d5
Notes
Notes (review): Code-Review+1: Serg Melikyan <smelikyan@mirantis.com> Code-Review+2: Alexander Tivelkov <locher@yandex.ru> Code-Review+2: zhurong <aaronzhu1121@gmail.com> Workflow+1: zhurong <aaronzhu1121@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 23 Nov 2017 00:58:24 +0000 Reviewed-on: https://review.openstack.org/522198 Project: openstack/murano-agent Branch: refs/heads/master
-rw-r--r--muranoagent/execution_plan_queue.py7
-rw-r--r--muranoagent/files_manager.py2
-rw-r--r--muranoagent/tests/unit/test_app.py3
3 files changed, 9 insertions, 3 deletions
diff --git a/muranoagent/execution_plan_queue.py b/muranoagent/execution_plan_queue.py
index 058c655..9a01915 100644
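--- a/muranoagent/execution_plan_queue.py
+++ b/muranoagent/execution_plan_queue.py
@@ -32,7 +32,12 @@ class ExecutionPlanQueue(object):
  def __init__(self):
  self._plans_folder = os.path.join(CONF.storage, 'plans')
  if not os.path.exists(self._plans_folder):
- os.makedirs(self._plans_folder)
+ os.makedirs(self._plans_folder, 0o700)
+ else:
+ try:
+ os.chmod(self._plans_folder, 0o700)
+ except OSError:
+ pass
 
  def put_execution_plan(self, execution_plan):
  timestamp = str(int(time.time() * 10000))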
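Review bot: The `except OSError: pass` around `os.chmod(self._plans_folder, 0o700)` makes the tightening fail open: when the plans folder already exists and the chmod is refused (for example because the folder belongs to a different user), the agent goes on reading plans from a folder whose mode it could not restrict, and nothing is logged. Since the commit message names planted execution plans as the risk, this branch should at least log the failure and preferably stop, e.g. replace `pass` with `raise`, or check `os.stat(self._plans_folder)` for the expected owner and mode before continuing. The mode passed to `os.makedirs` is also filtered by the process umask and does nothing for an already existing `CONF.storage` parent, so the guarantee still depends on that parent's permissions.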
diff --git a/muranoagent/files_manager.py b/muranoagent/files_manager.py
index 234eef8..84d935f 100644
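--- a/muranoagent/files_manager.py
+++ b/muranoagent/files_manager.py
@@ -40,7 +40,7 @@ class FilesManager(object):
  CONF.storage, 'files', execution_plan.ID)
  if os.path.exists(self._cache_folder):
  self.clear()
- os.makedirs(self._cache_folder)
+ os.makedirs(self._cache_folder, 0o700)
 
  def put_file(self, file_id, script):
  if type(file_id) is dict: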
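Review bot: Only the per-plan leaf folder gets 0o700 in `os.makedirs(self._cache_folder, 0o700)`; the shared `files` parent under `CONF.storage` is never tightened the way the `plans` folder is in execution_plan_queue.py, so a pre-existing permissive `files` directory stays as it was. `os.makedirs` applies the mode subject to the umask, and from Python 3.7 on it no longer applies it to intermediate directories it creates, so the parent can also end up with default permissions. Consider creating or chmod-ing `os.path.join(CONF.storage, 'files')` to 0o700 before this call. The enclosing method starts above the hunk, so what `self.clear()` does with an existing folder is not visible here.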
diff --git a/muranoagent/tests/unit/test_app.py b/muranoagent/tests/unit/test_app.py
index d870728..6d4260c 100644
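--- a/muranoagent/tests/unit/test_app.py
+++ b/muranoagent/tests/unit/test_app.py
@@ -31,8 +31,9 @@ CONF = cfg.CONF
 
 class TestApp(base.MuranoAgentTestCase, fixtures.FunctionFixture):
 
+ @mock.patch('os.chmod')
  @mock.patch('os.path.exists')
- def setUp(self, mock_path):
+ def setUp(self, mock_path, mock_chmod):
  super(TestApp, self).setUp()
  mock_path.return_value = True
  self.agent = app.MuranoAgent()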
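Review bot: `os.chmod` is patched in `setUp` only so the constructor does not touch the real filesystem; nothing asserts that the agent actually requests mode 0o700, so a regression that drops the chmod or the `os.makedirs` mode would pass unnoticed. Assuming `app.MuranoAgent()` constructs the `ExecutionPlanQueue` (not visible in this hunk), add a check such as `mock_chmod.assert_any_call(os.path.join(CONF.storage, 'plans'), 0o700)` after the agent is created. A second test with `os.path.exists` returning False and `os.makedirs` patched would cover the creation branch.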