Tighten access to runtime agent folders

Murano Agent uses default folder permissions for the
execution plans and scripts. If the default is too permissive
(which is unusual), other users on that machine can trick
the agent into executing malicious execution plans by putting files
into the queue folder, and use that to get root privileges.
In the most common case users won't have write permissions to the
murano-agent folders. However, they can still hijack execution plans
and other data that might contain sensitive information.

This commit sets 0700 mode to the agent runtime folders so that they
can be accessed only by the user that runs the agent (+ the root,
if it's someone else).

Change-Id: I27f0495a509c4d1435d630e2bc5bfdf3549486d5
Stan Lagun 2017-11-22 02:00:41 -08:00
parent 81335ac520
commit 2468fb5939
3 changed files with 9 additions and 3 deletions


@ -32,7 +32,12 @@ class ExecutionPlanQueue(object):
def __init__(self):
self._plans_folder = os.path.join(CONF.storage, 'plans')
if not os.path.exists(self._plans_folder):
os.makedirs(self._plans_folder)
os.makedirs(self._plans_folder, 0o700)
else:
try:
os.chmod(self._plans_folder, 0o700)
except OSError:
pass
def put_execution_plan(self, execution_plan):
timestamp = str(int(time.time() * 10000))
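Review bot: The `except OSError: pass` around `os.chmod(self._plans_folder, 0o700)` hides the one failure that matters here: if the existing plans folder belongs to another account, the chmod fails and the agent carries on reading plans from a folder it could not lock down. The handler should at least log the error, and on POSIX it would be safer to refuse to continue when the owner is wrong, e.g. `if os.stat(self._plans_folder).st_uid != os.geteuid(): raise RuntimeError('plans folder is not owned by the agent user')`. There is also a gap between `os.path.exists` and `os.makedirs` in which the folder can appear; calling `os.makedirs` first and handling the already-exists error with the same ownership check would close it. The rest of `ExecutionPlanQueue` is outside this hunk, so how plans are read back cannot be checked from here.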


@ -40,7 +40,7 @@ class FilesManager(object):
CONF.storage, 'files', execution_plan.ID)
if os.path.exists(self._cache_folder):
self.clear()
os.makedirs(self._cache_folder)
os.makedirs(self._cache_folder, 0o700)
def put_file(self, file_id, script):
if type(file_id) is dict:
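Review bot: `os.makedirs(self._cache_folder, 0o700)` only guarantees the mode of the leaf directory: on Python 3.7 and later the mode argument is not applied to intermediate directories, so a `files` parent created by this call keeps the default permissions the commit message is concerned about. Creating `os.path.join(CONF.storage, 'files')` with `0o700` first, or tightening `CONF.storage` once at startup, would cover the parent as well. The start of this `__init__` and the body of `self.clear()` are outside the hunk, so whether an existing cache folder is always removed before being recreated cannot be confirmed here.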


@ -31,8 +31,9 @@ CONF = cfg.CONF
class TestApp(base.MuranoAgentTestCase, fixtures.FunctionFixture):
@mock.patch('os.chmod')
@mock.patch('os.path.exists')
def setUp(self, mock_path):
def setUp(self, mock_path, mock_chmod):
super(TestApp, self).setUp()
mock_path.return_value = True
self.agent = app.MuranoAgent()
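Review bot: `os.chmod` is patched in `setUp` but nothing visible asserts on it, so the new permission handling is silenced rather than tested. Because `mock_path.return_value = True` makes `os.path.exists` report the folder as present, the chmod branch is presumably the one taken when `app.MuranoAgent()` is built, and a check such as `mock_chmod.assert_any_call(os.path.join(CONF.storage, 'plans'), 0o700)` right after that line would pin the mode. The rest of the test class is outside this hunk, so an assertion may already exist elsewhere.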