Switch off caching to prevent cache poisoning by local attacker

suds package uses a well-known /tmp/suds directory by default to store pickled objects. This could be subject to attacks. suds project is un-maintained and some distros have a local patch that uses mkdtemp() but still leak directories. It's best to remove the cache completely. Note that if we really need, we could add a memory based cached later. we should deal with this security issue first. Closes-Bug: #1341954 Change-Id: Ieec9d99aa674adf5cbc9be924fef3856cf4e5d66
openstack · Aug 21, 2014 · d9ada2a · d9ada2a
1 parent e434d1b
commit d9ada2a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/oslo/vmware/service.py b/oslo/vmware/service.py
@@ -80,7 +80,8 @@ def __init__(self, wsdl_url=None, soap_url=None):
                   self.soap_url, self.wsdl_url)
         self.client = suds.client.Client(self.wsdl_url,
                                          location=self.soap_url,
-                                         plugins=[ServiceMessagePlugin()])
+                                         plugins=[ServiceMessagePlugin()],
+                                         cache=suds.cache.NoCache())
         self._service_content = None
 
     @staticmethod