[Yahoo-eng-team] [Bug 1174608] Re: Insecure directory creation for signing

Fri, 24 May 2013 05:56:15 -0700 

** Also affects: ossa
   Importance: Undecided
       Status: New

** Summary changed:

- Insecure directory creation for signing
+ [OSSA 2013-010] Insecure directory creation for signing

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1174608

Title:
  [OSSA 2013-010] Insecure directory creation for signing

Status in OpenStack Identity (Keystone):
  Invalid
Status in Keystone folsom series:
  Fix Committed
Status in OpenStack Compute (Nova):
  Fix Committed
Status in OpenStack Compute (nova) folsom series:
  Fix Committed
Status in OpenStack Compute (nova) grizzly series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in Python client library for Keystone:
  Fix Committed

Bug description:
  Originally found by Grant Murphy (gmur...@redhat.com):

  The signing directory is used to store the signing certificates
  and the default location for this directory is:

      signing_dir = /tmp/keystone-signing-nova

  In the file:

     keystone/middleware/auth_token.py

  During the initialization of the AuthMiddleware the following
  operations are made for the signing directory:

      IF the directory exists but cannot be written to a configuration error is 
raised.
      ELSE IF the directory doesn't exist, create it.
      NEXT chmod permisions(stat.S_IRWXU) to the signing_directory

  AFAICT The signing certificates used in validation will only be
  fetched from the keystone if the cms_verify action raises an exception
  because the certificate file is missing from the signing directory.

  This means that if an attacker populated the /tmp/keystone-signing-nova
  with the appropriate files for signautre verification they could potentially
  issue forged tokens which would be validated by the middleware. As:
      - The directory location deterministic. (default for glance, nova)
      - *If the directory already exists it is reused*

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1174608/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to