hostname, architecture, disable_ipv4 can be permanently changed by non-admin user

Bug #1459762 reported by Scott Moser
Affects: MAAS
Status: Fix Released
Importance: Critical
Assigned to: Jeffrey C Jones

Bug Description

This is being run against maas-stable ppa
  # dpkg-query --show maas
  maas 1.7.3+bzr3363-0ubuntu1~trusty1

A non-admin user can acquire a system, change certain fields, and release the
system. This could effectively DoS the use of the system.

The fields I've verified I can change are:
  architecture
  hostname
  disable_ipv4

Not sure if others can be modified or not. But essentially the steps are:
 a.) maas <name> nodes acquire
 b.) maas <name> node update <system_id> architecture=amd64/hwe-u
 c.) maas <name> node release <system_id>
 d.) maas <name> node read <system_id>

'd' is just there for verification that the change is permanent.

See the attached script to show doing this. Its example output when run:

$ ./go
maas home-ubuntu nodes acquire
acquired hostname=kearney.example.com system_id=node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== kearney.example.com [acquired] ==
  hostname: kearney.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-t
  disable_ipv4: False
  distro_series:
applying architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node update node-79b67e82-d25c-11e4-a333-00163eca91de architecture=amd64/hwe-u hostname=mychange.example.com disable_ipv4=True
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [modified] ==
  hostname: mychange.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-u
  disable_ipv4: True
  distro_series:
maas home-ubuntu node release node-79b67e82-d25c-11e4-a333-00163eca91de
maas home-ubuntu node read node-79b67e82-d25c-11e4-a333-00163eca91de
== mychange.example.com [released] ==
  hostname: mychange.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  netboot: True
  osystem:
  storage: 160000
  architecture: amd64/hwe-u
  disable_ipv4: True
  distro_series:

Related bugs:
 * bug 1443644: hwe kernels should not be part of the architecture
 * bug 1437059: Deploy bulk actions needs the ability to specify architecture (so we can select hwe kernel)
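As an added operator-side check (not part of the report or its attached script), the following Python snippet parses the `maas <name> node read` output format shown above and reports which of the listed fields still differ between the acquired and released snapshots, i.e. changes that survived release and would affect the next user. The sample input is constructed from the report's output, and the watch list of fields is an assumption.

```python
import re

# Fields the report shows a non-admin changing through acquire/update/release.
# This watch list is an assumption for the check; extend it as needed.
PROTECTED_FIELDS = ("architecture", "hostname", "disable_ipv4")

# Constructed sample in the 'maas <name> node read' format printed by the
# report's script: one block per read, '== <hostname> [<state>] ==' then
# two-space-indented 'key: value' lines (system_id taken from the report).
SAMPLE = """\
== kearney.example.com [acquired] ==
  hostname: kearney.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  architecture: amd64/hwe-t
  disable_ipv4: False
== mychange.example.com [released] ==
  hostname: mychange.example.com
  system_id: node-79b67e82-d25c-11e4-a333-00163eca91de
  architecture: amd64/hwe-u
  disable_ipv4: True
"""

HEADER = re.compile(r"^== (\S+) \[(\w+)\] ==$")

def parse_node_reads(text):
    """Return a list of (state, {field: value}) snapshots, in input order."""
    snapshots = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            snapshots.append((m.group(2), {}))
        elif snapshots and line.startswith("  ") and ":" in line:
            key, _, value = line.strip().partition(":")
            snapshots[-1][1][key.strip()] = value.strip()
    return snapshots

def find_persistent_drift(snapshots):
    """Map each protected field that differs between the first 'acquired'
    snapshot and the last 'released' one to (before, after); an empty result
    means nothing survived the release to affect the next user."""
    acquired = next((f for s, f in snapshots if s == "acquired"), None)
    released = next((f for s, f in reversed(snapshots) if s == "released"), None)
    if acquired is None or released is None:
        return {}
    return {k: (acquired.get(k), released.get(k))
            for k in PROTECTED_FIELDS if acquired.get(k) != released.get(k)}
```

Run against the real output of the report's script before and after upgrading to a fixed MAAS to confirm the drift map comes back empty.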

Changed in maas:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 1.9.0
Scott Moser (smoser)
description: updated
Changed in maas:
assignee: nobody → Jeffrey C Jones (trapnine)
Changed in maas:
status: Triaged → In Progress
Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released