From 03573a02a3235db2bf65d48aceb92a6e81850dd9 Mon Sep 17 00:00:00 2001 From: Vipin Balachandran Date: Fri, 22 Aug 2014 10:19:29 +0530 Subject: [PATCH] VMware: Disable suds caching The default cache implementation in suds store pickled objects in a predictable path in /tmp which could lead to attacks. This patch turns off suds caching to address this security issue. Change-Id: I7daaa25a0677004e03896298e9c3026d5c33c6ac Closes-Bug: #1341954 (cherry picked from commit 6a41fe9c5c98a14a355fa81b41aae2c4b0ce0a7b) --- cinder/volume/drivers/vmware/pbm.py | 3 ++- cinder/volume/drivers/vmware/vim.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cinder/volume/drivers/vmware/pbm.py b/cinder/volume/drivers/vmware/pbm.py index 1baa69b8e4f..5c4818118e6 100644 --- a/cinder/volume/drivers/vmware/pbm.py +++ b/cinder/volume/drivers/vmware/pbm.py @@ -58,7 +58,8 @@ class PBMClient(vim_module.Vim): self._vimSession = vimSession self._url = vim_util.get_soap_url(protocol, host, 'pbm') # create the pbm client - self._client = suds.client.Client(pbm_wsdl, location=self._url) + self._client = suds.client.Client(pbm_wsdl, location=self._url, + cache=suds.cache.NoCache()) PBMClient._copy_client_cookie(self._vimSession, self._client) # Get the PBM service content si_moref = vim_module.get_moref(SERVICE_INSTANCE, SERVICE_TYPE) diff --git a/cinder/volume/drivers/vmware/vim.py b/cinder/volume/drivers/vmware/vim.py index 2135a567255..2e51d28f6f0 100644 --- a/cinder/volume/drivers/vmware/vim.py +++ b/cinder/volume/drivers/vmware/vim.py @@ -85,7 +85,8 @@ class Vim(object): wsdl_loc = Vim._get_wsdl_loc(protocol, host) soap_url = vim_util.get_soap_url(protocol, host) self._client = suds.client.Client(wsdl_loc, location=soap_url, - plugins=[VIMMessagePlugin()]) + plugins=[VIMMessagePlugin()], + cache=suds.cache.NoCache()) self._service_content = self.RetrieveServiceContent('ServiceInstance') @staticmethod