nfs_cleanup security race and permissions #7938

Closed
agriffis opened this issue Oct 28, 2016 · 1 comment · Fixed by #7947

@agriffis
Contributor

The current nfs_cleanup method for Linux has two problems:

  1. The temporary file is created in an insecure manner with a race before using sudo privileges to write back to /etc/exports
  2. It doesn't work properly for multiple users on a single system, because the file /tmp/exports isn't removed. As a result, after user1 runs vagrant, then user2 tries but can't write to /tmp/exports because it's owned by user1, so previously-added vagrant NFS exports are lost as the users toggle back and forth.

For the security race, there's a trivial attack where a separate unprivileged user on the host can add arbitrary entries to /etc/exports. I can provide details as necessary.

Vagrant version

Vagrant 1.8.6 (all versions)

Host operating system

Fedora 24 (any Linux)

Guest operating system

any

agriffis added a commit to agriffis/vagrant that referenced this issue Oct 28, 2016
…p#7938

Avoid using a temporary file, rather do the substitution in Ruby and
write /etc/exports directly.
chrisroberts pushed a commit to chrisroberts/vagrant that referenced this issue Oct 29, 2016
…p#7938

Avoid using a temporary file, rather do the substitution in Ruby and
write /etc/exports directly.
gitebra pushed a commit to gitebra/vagrant that referenced this issue Nov 5, 2016
* commit '3c90023152820cfe66eb98a0d222efb4c97795fb':
  Update dev version and update CHANGELOG
  Bump website version to 1.8.7
  Release v1.8.7
  Update CHANGELOG
  Update CHANGELOG
  Include error handling when subprocess commands fail
  Include test coverage on linux host nfs plugin
  Refactor linux host NFS to share common functionalities
  Include autoloader for StringBlockEditor
  Use Util::StringBlockEditor to modify /etc/exports
  Rewrite linux/nfs_cleanup for security and multi-user, fixes hashicorp#7938
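
The approach the commit messages above describe (do the substitution in Ruby and write the exports file directly, with no shared file under /tmp), as an added example that is not Vagrant's own code. The marker format, uids, machine ids, addresses and the `strip_block`/`rewrite_exports`/`demo` names are assumptions made for illustration, and a private temporary directory stands in for /etc.

```ruby
require "tmpdir"

# Constructed sample: marker format, uids, ids and addresses are assumptions.
SAMPLE_EXPORTS = <<~EXPORTS
  /srv/share 192.0.2.10(ro)
  # VAGRANT-BEGIN: 1000 aaaa-1111
  "/home/user1/proj" 192.0.2.20(rw,no_subtree_check)
  # VAGRANT-END: 1000 aaaa-1111
  # VAGRANT-BEGIN: 1001 bbbb-2222
  "/home/user2/proj" 192.0.2.30(rw,no_subtree_check)
  # VAGRANT-END: 1001 bbbb-2222
EXPORTS

# Remove one user's block for one machine id, entirely in memory, so no
# staging file is shared between users. Other users' blocks are left alone.
def strip_block(content, uid, id)
  tag = "#{uid} #{id}"
  inside = false
  content.each_line.reject do |line|
    case line.chomp
    when "# VAGRANT-BEGIN: #{tag}"
      inside = true            # drop the marker and start skipping
    when "# VAGRANT-END: #{tag}"
      inside = false
      true                     # drop the closing marker too
    else
      inside                   # drop lines only while inside the block
    end
  end.join
end

# Write the result straight to the target. The flags never create a file and
# refuse to follow a symlink, so the write cannot be redirected elsewhere.
def rewrite_exports(path, uid, id)
  updated = strip_block(File.read(path), uid, id)
  flags = File::WRONLY | File::TRUNC | File::NOFOLLOW
  File.open(path, flags) { |f| f.write(updated) }
  updated
end

def demo
  Dir.mktmpdir("exports-demo") do |dir|   # private directory, random name
    path = File.join(dir, "exports")      # stand-in for /etc/exports
    File.write(path, SAMPLE_EXPORTS)
    rewrite_exports(path, 1000, "aaaa-1111")
    File.read(path)
  end
end
```

In a real deployment the final write needs root, so only that one step should run with elevated privileges, fed content that the privileged side reads from the target itself rather than from a path other users can write.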
@ghost
ghost commented Apr 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 3, 2020