1
Origin: https://review.openstack.org/gitweb?p=openstack%2Fnova.git;a=commitdiff;h=ed89587d525e0214cb367aa4632df45903c6ac09
2
Description: This is a refinement of the previous fix in commit 2427d4a,
3
which does the file name canonicalization as the root user.
4
This is required so that guest images could not for example,
5
protect malicious symlinks in a directory only readable by root.
6
Bug: https://launchpad.net/bugs/1031311
8
Index: nova-2011.3/nova/tests/test_virt.py
9
===================================================================
10
--- nova-2011.3.orig/nova/tests/test_virt.py 2012-08-17 13:54:13.000000000 -0500
11
+++ nova-2011.3/nova/tests/test_virt.py 2012-08-17 13:54:27.000000000 -0500
13
from nova import exception
14
from nova import flags
16
+from nova import utils
17
from nova.virt import disk
18
from nova.virt import driver
23
class TestVirtDisk(test.TestCase):
25
+ super(TestVirtDisk, self).setUp()
27
+ real_execute = utils.execute
29
+ def nonroot_execute(*cmd_parts, **kwargs):
30
+ kwargs.pop('run_as_root', None)
31
+ return real_execute(*cmd_parts, **kwargs)
33
+ self.stubs.Set(utils, 'execute', nonroot_execute)
35
def test_check_safe_path(self):
36
ret = disk._join_and_check_path_within_fs('/foo', 'etc',
38
Index: nova-2011.3/nova/tests/test_xenapi.py
39
===================================================================
40
--- nova-2011.3.orig/nova/tests/test_xenapi.py 2012-08-17 13:54:00.000000000 -0500
41
+++ nova-2011.3/nova/tests/test_xenapi.py 2012-08-17 13:54:27.000000000 -0500
43
self._tee_executed = True
46
+ def _readlink_handler(cmd_parts, **kwargs):
47
+ return os.path.realpath(cmd_parts[2]), ''
49
fake_utils.fake_execute_set_repliers([
50
# Capture the tee .../etc/network/interfaces command
51
(r'tee.*interfaces', _tee_handler),
52
+ (r'readlink -nm.*', _readlink_handler),
54
self._test_spawn(glance_stubs.FakeGlance.IMAGE_MACHINE,
55
glance_stubs.FakeGlance.IMAGE_KERNEL,
56
Index: nova-2011.3/nova/virt/disk.py
57
===================================================================
58
--- nova-2011.3.orig/nova/virt/disk.py 2012-08-17 13:54:13.000000000 -0500
59
+++ nova-2011.3/nova/virt/disk.py 2012-08-17 13:54:27.000000000 -0500
61
mounted guest fs. Trying to be clever and specifying a
62
path with '..' in it will hit this safeguard.
64
- absolute_path = os.path.realpath(os.path.join(fs, *args))
65
+ absolute_path, _err = utils.execute('readlink', '-nm',
66
+ os.path.join(fs, *args),
68
if not absolute_path.startswith(os.path.realpath(fs) + '/'):
69
raise exception.Invalid()