Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1034247 - Cloud-Init: meta_data.json and user_data files on config-drive are world-readable
Summary: Cloud-Init: meta_data.json and user_data files on config-drive are world-read...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.4.0
Assignee: Francesco Romani
QA Contact: Pavel Novotny
URL:
Whiteboard: virt
Depends On:
Blocks: rhev3.4beta 1142926
TreeView+ depends on / blocked
 
Reported: 2013-11-25 13:35 UTC by Pavel Novotny
Modified: 2015-09-22 13:09 UTC (History)
9 users (show)

Fixed In Version: ovirt-3.4.0-alpha1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
oVirt Team: ---
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 21965 None None None Never

Description Pavel Novotny 2013-11-25 13:35:21 UTC
Description of problem:
When using Cloud-Init (via Run Once) for VM bootstrapping, the `user_data` and `meta_data.json` files on the config-drive have world readable permissions. Since they contain sensitive informations such as root password or SSH auth. key, they should not be readable for everyone.


Version-Release number of selected component (if applicable):
rhevm-3.3.0-0.35.beta1.el6ev.noarch (is24)

How reproducible:
100%

Steps to Reproduce:
1. In Webadmin, have a VM and run it via Run Once with some values in Initial Run/Cloud-Init section.
2. On the host the VM is running, search the qemu process for the attached config-drive CD-ROM image (ps aux | grep [q]emu | grep cdrom). 
It looks like: 
-drive file=/var/run/vdsm/payload/d80627d0-04f4-48d5-9335-753354c2cc29.8
1b3df31f8697cbeb6accd60218166b7.img,if=none,media=cdrom,id=drive-ide0-1-1,readonly=on,format=raw,serial=

3. Mount the image and check permissions of the meta data and user data files:
# mount -t iso9660 -o loop /var/run/vdsm/payload/<config-drive>.img /mnt/cloud-init/
# ls -l /mnt/cloud-init/openstack/latest/

Actual results:
-r--r--r--. 1 root root 695 21. lis 17.33 meta_data.json
-r--r--r--. 1 root root 291 21. lis 17.33 user_data

Expected results:
The files should be readable only for root user, not for everyone.

Additional info:

Comment 1 Michal Skrivanek 2013-11-26 09:59:12 UTC
this is exposed in the VM as a CDROM so you need permissions for that so not a big deal. 
Fixing this would require extending the payload feature with user/group and permissions

Comment 2 Michal Skrivanek 2013-12-02 15:10:35 UTC
maybe just by default create a non world-readable files...

Comment 3 Pavel Novotny 2014-02-18 12:36:37 UTC
Verified upstream in ovirt-engine-3.4.0-0.7.beta2.el6.noarch.

Followed reproducer in comment 0 for verification.
Results:
The files on the attached config-drive are no longer world-readable:

# mount -t iso9660 -o loop /var/run/vdsm/payload/11b2841c-03bd-43d8-8d43-4ece2392fee8.62b0aaef2741993fc8bc89d3c3bc4f58.img /mnt/cloud-init/
# ls -l /mnt/cloud-init/openstack/latest/
-rw-r-----. 1 root root 252 Feb 18 11:59 meta_data.json
-rw-r-----. 1 root root 222 Feb 18 11:59 user_data

Comment 5 Itamar Heim 2014-06-12 14:08:37 UTC
Closing as part of 3.4.0


Note You need to log in before you can comment on or make changes to this bug.