New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nfs_cleanup security race and permissions #7938

Closed
agriffis opened this Issue Oct 28, 2016 · 0 comments

Comments

Projects
None yet
1 participant
@agriffis
Contributor

agriffis commented Oct 28, 2016

The current nfs_cleanup method for Linux has two problems:

  1. The temporary file is created in an insecure manner with a race before using sudo privileges to write back to /etc/exports
  2. It doesn't work properly for multiple users on a single system, because the file /tmp/exports isn't removed. As a result, after user1 runs vagrant, then user2 tries but can't write to /tmp/exports because it's owned by user1, so previously-added vagrant NFS exports are lost as the users toggle back and forth.

For the security race, there's a trivial attack where a separate unprivileged user on the host can add arbitrary entries to /etc/exports. I can provide details as necessary.

Vagrant version

Vagrant 1.8.6 (all versions)

Host operating system

Fedora 24 (any Linux)

Guest operating system

any

agriffis added a commit to agriffis/vagrant that referenced this issue Oct 28, 2016

Rewrite linux/nfs_cleanup for security and multi-user, fixes hashicor…
…p#7938

Avoid using a temporary file, rather do the substitution in Ruby and
write /etc/exports directly.

chrisroberts added a commit to chrisroberts/vagrant that referenced this issue Oct 29, 2016

Rewrite linux/nfs_cleanup for security and multi-user, fixes hashicor…
…p#7938

Avoid using a temporary file, rather do the substitution in Ruby and
write /etc/exports directly.

gitebra pushed a commit to gitebra/vagrant that referenced this issue Nov 5, 2016

Merge commit '3c90023152820cfe66eb98a0d222efb4c97795fb'
* commit '3c90023152820cfe66eb98a0d222efb4c97795fb':
  Update dev version and update CHANGELOG
  Bump website version to 1.8.7
  Release v1.8.7
  Update CHANGELOG
  Update CHANGELOG
  Include error handling when subprocess commands fail
  Include test coverage on linux host nfs plugin
  Refactor linux host NFS to share common functionalities
  Include autoloader for StringBlockEditor
  Use Util::StringBlockEditor to modify /etc/exports
  Rewrite linux/nfs_cleanup for security and multi-user, fixes hashicorp#7938
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment