openstack
/
heat-templates
Code Issues Proposed changes

Resolve CVE-2013-2069 

Fix problem where root escalation is possible in a VM.

For more details:
http://lists.fedoraproject.org/pipermail/announce/2013-May/003157.html

Change-Id: I95013d8155d0338c4161a6cb87f02974973fcf80
changes/01/30401/1
Steven Dake 2013-05-24 01:43:32 -07:00
parent 573aba1a52
commit 8f19ddc364
13 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jeos/CentOS-6.3-x86_64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>CentOS 6.3</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='network-config'>
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 &lt;&lt; EOF
DEVICE="eth0"

3
jeos/F16-i386-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 16</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip

3
jeos/F16-x86_64-cfntools-openshift.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 16 base OpenShift Install</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-boto

3
jeos/F16-x86_64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 16</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip

3
jeos/F17-i386-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 17</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip

3
jeos/F17-x86_64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 17</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip

3
jeos/F18-i386-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 18</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip python-boto

3
jeos/F18-x86_64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Fedora 18</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='packages'>
yum -y update fedora-release
yum -y install yum-plugin-fastestmirror cloud-init python-psutil python-pip python-boto

3
jeos/U10-amd64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Ubuntu 10.04</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='commands'>
apt-get -y update
apt-get -y upgrade

3
jeos/U12.10-amd64-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Ubuntu 12.10</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='commands'>
apt-get -y update
apt-get -y upgrade

3
jeos/U12.10-i386-cfntools.tdl
View File

@ -10,6 +10,9 @@
</os>
<description>Ubuntu 12.10</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='commands'>
apt-get -y update
apt-get -y upgrade

3
openshift-origin/F18-x86_64-openshift-origin-broker-cfntools.tdl
View File

@ -34,6 +34,9 @@ gpgcheck=0
</file>
</files>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='user'>
/usr/sbin/useradd ec2-user
echo -e 'ec2-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers

3
openshift-origin/F18-x86_64-openshift-origin-node-cfntools.tdl
View File

@ -34,6 +34,9 @@ gpgcheck=0
</file>
</files>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='user'>
/usr/sbin/useradd ec2-user
echo -e 'ec2-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers