From 4ed99878f79cba552fc3a772bddaadcedd2cd04d Mon Sep 17 00:00:00 2001
From: David Ripton
Date: Tue, 28 Jan 2014 16:38:51 -0500
Subject: [PATCH] Persist image format to a file, to prevent attacks based on changing it

The attack is based on creating a raw image that looks like a qcow2 image, and taking advantage of the code that used 'qemu-img info' to autodetect the image format. Now we store the image format to a 'disk.info' file, for Qcow2 and Raw images, and only autodetect for images that have never been written to that file.
SecurityImpact
Co-authored-by: Nikola Dipanov
Closes-bug: #1221190
Change-Id: I2016efdb3f49a44ec4d677ac596eacc97871f30a
---
 nova/utils.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/nova/utils.py b/nova/utils.py
index 6630c689b..0c3ee94f3 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -761,6 +761,20 @@ def temporary_chown(path, owner_uid=None):
 execute('chown', orig_uid, path, run_as_root=True)
 
 
+def chown(path, owner_uid=None):
+ """chown a path.
+
+ :param owner_uid: UID of owner (defaults to current user)
+ """
+ if owner_uid is None:
+ owner_uid = os.getuid()
+
+ orig_uid = os.stat(path).st_uid
+
+ if orig_uid != owner_uid:
+ execute('chown', owner_uid, path, run_as_root=True)
+
+
 @contextlib.contextmanager
 def tempdir(**kwargs):
 argdict = kwargs.copy()
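Review bot: The new `chown()` checks ownership with `os.stat(path)` and then runs `chown` as root on the same path, and both steps follow symlinks, so the root-privileged change can land on a different file than the one that was checked if the path's directory is writable by a less-privileged account. Whether any caller passes such a path is not visible in this hunk, so either make the helper symlink-safe with `orig_uid = os.lstat(path).st_uid` and `execute('chown', '-h', owner_uid, path, run_as_root=True)` (confirm the rootwrap filter accepts the extra argument), or state the requirement in the docstring. The docstring should also gain `:param path: file whose owner is changed; must live in a directory only the service user can write to` and a sentence saying that, unlike `temporary_chown` above (only its tail is in the hunk), the ownership change is permanent and performed as root.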