nfs_cleanup security race and permissions #7938
agriffis added a commit to agriffis/vagrant that referenced this issue Oct 28, 2016
…p#7938 Avoid using a temporary file, rather do the substitution in Ruby and write /etc/exports directly.
chrisroberts pushed a commit to chrisroberts/vagrant that referenced this issue Oct 29, 2016
…p#7938 Avoid using a temporary file, rather do the substitution in Ruby and write /etc/exports directly.
gitebra pushed a commit to gitebra/vagrant that referenced this issue Nov 5, 2016
* commit '3c90023152820cfe66eb98a0d222efb4c97795fb':
  Update dev version and update CHANGELOG
  Bump website version to 1.8.7
  Release v1.8.7
  Update CHANGELOG
  Update CHANGELOG
  Include error handling when subprocess commands fail
  Include test coverage on linux host nfs plugin
  Refactor linux host NFS to share common functionalities
  Include autoloader for StringBlockEditor
  Use Util::StringBlockEditor to modify /etc/exports
  Rewrite linux/nfs_cleanup for security and multi-user, fixes hashicorp#7938
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost locked and limited conversation to collaborators Apr 3, 2020
The current nfs_cleanup method for Linux has two problems:
/etc/exports
/tmp/exports isn't removed. As a result, after user1 runs vagrant, then user2 tries but can't write to /tmp/exports because it's owned by user1, so previously-added vagrant NFS exports are lost as the users toggle back and forth.

For the security race, there's a trivial attack where a separate unprivileged user on the host can add arbitrary entries to /etc/exports. I can provide details as necessary.

Vagrant version
Vagrant 1.8.6 (all versions)
Host operating system
Fedora 24 (any Linux)
Guest operating system
any
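
The approach the referenced commits describe (do the substitution in Ruby instead of going through a shared /tmp/exports), as an added example that is not Vagrant's code. The marker format, function names and sample entries are assumptions made for illustration, and staging the new content beside the target with O_EXCL is this example's choice.

```ruby
require "tmpdir"
# Marker format and sample content are constructed for this example.
SAMPLE = <<~EXPORTS
  /srv/share 192.0.2.0/24(ro)
  # EXAMPLE-BEGIN: 1000 aaaa
  "/home/user1/proj" 192.0.2.10(rw)
  # EXAMPLE-END: 1000 aaaa
  # EXAMPLE-BEGIN: 1001 bbbb
  "/home/user2/proj" 192.0.2.11(rw)
  # EXAMPLE-END: 1001 bbbb
EXPORTS

# Remove one user's block in memory; other users' blocks stay untouched.
def strip_export_block(content, uid, machine_id)
  begin_marker = "# EXAMPLE-BEGIN: #{uid} #{machine_id}"
  end_marker = "# EXAMPLE-END: #{uid} #{machine_id}"
  inside = false
  kept = content.each_line.reject do |line|
    text = line.chomp
    if text == begin_marker
      inside = true
    elsif inside && text == end_marker
      inside = false
      next true # drop the end marker too
    end
    inside
  end
  # An unterminated block means a damaged file: refuse to rewrite it.
  raise ArgumentError, "unterminated block for #{uid} #{machine_id}" if inside
  kept.join
end

# No shared scratch file in /tmp: stage beside the target with O_EXCL
# (open fails if the name already exists), then rename into place.
def rewrite_exports(path, uid, machine_id)
  updated = strip_export_block(File.read(path), uid, machine_id)
  staging = "#{path}.#{Process.pid}.new"
  File.open(staging, File::WRONLY | File::CREAT | File::EXCL, 0o644) { |f| f.write(updated) }
  File.rename(staging, path)
end

# Run against a constructed file in a private directory standing in for /etc.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "exports")
    File.write(path, SAMPLE)
    rewrite_exports(path, 1000, "aaaa")
    File.read(path)
  end
end
```

Because the staging file lives in the target's own directory, only a user who can already write there can create or replace it, and each user's cleanup leaves the other users' blocks in place.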