Mtce uses the system() command to run the ipmitool and redfishtool.
The system() command launches a shell process that is susceptible
to code injection.
By switching to fork() execv() we can prevent command injection attacks
if for example the bmc parameters are compromised.
The bmc parameters are:
- bm_type
- bm_ip
- bm_username
- bm_password
These are initially provided as user input and stored
in either barbican (bm_password) or the sysinv postgres database.
If these parameters are compromised, the injected code will not be run.
For example, if bm_username="root; reboot&"
the reboot command will not be run.
Test plan:
PASS - Code testing: designer testing of failure paths, verifying logs
by compiling errors in the code
- fork fail error path
- file open failure path
- dup/dup2 failure path
- execv failure
PASS - AIO-SX: iso install
PASS - AIO-DX: iso install
PASS - AIO-SX: ipmi bmc sensor/device queries
system host-sensor-list <controller-0>
PASS - AIO-SX: ipmi bmc reset
designer modification of sysinv to allow simplex reset
PASS - AIO-SX: modify bmc parameters in postgres
and verify bmc command failure and proper handling
e.g. bm_username="root; reboot&"
PASS - AIO-SX: file leak testing of execv error path
sudo lsof -p `pidof mtcAgent`
sudo lsof -p `pidof hwmond`
PASS - AIO-SX: memory leak and file leak testing soak
sudo /usr/sbin/dmemchk.sh --C mtcAgent hwmond
PASS - AIO-DX: ipmi bmc reset
Virtual machine AIO-DX configured to physical bmc
simulate reset on virtual machine by power down
at the same time as system host-reset <controller>
PASS - AIO-DX: ipmi bmc sensor/device queries
system host-sensor-list <controller-0|1>
Example postgres commands to compromise the bm_username parameter:
sudo -u postgres \
psql -d sysinv \
-c "select bm_username from i_host where hostname='controller-0';"
sudo -u postgres \
psql -d sysinv \
-c \
"update i_host set bm_username='root; reboot&' "\
"where hostname='controller-0';"
Story: 2011095
Task: 50344
Change-Id: I250900d1c757d7e04058f4c954502b1a38db235e
Signed-off-by: Kyale, Eliud <Eliud.Kyale@windriver.com>
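
The fork() + execv() pattern described in this commit message, as an added example that is not code from the commit or from the mtce source. Assumptions: `run_argv` and `demo_literal_username` are hypothetical names, `/bin/echo` stands in for ipmitool, and output is captured through a pipe rather than a file.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run argv[0] with argv as its exact argument vector and capture stdout.
 * Returns the child's exit status, or -1 on pipe/fork/wait failure. */
int run_argv(char *const argv[], char *out, size_t out_len)
{
    int fds[2];
    if (out_len == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {                      /* fork failure path */
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                     /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(126);                 /* dup2 failure path */
        close(fds[1]);
        execv(argv[0], argv);           /* no shell: argv is passed verbatim */
        _exit(127);                     /* execv failure path */
    }

    close(fds[1]);                      /* parent: read until EOF */
    size_t used = 0;
    ssize_t n;
    while (used < out_len - 1 &&
           (n = read(fds[0], out + used, out_len - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);                      /* do not leak the descriptor */
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed input: the bm_username value from the commit message.
 * Returns 1 if the value reached the child as literal text. */
int demo_literal_username(void)
{
    char out[128];
    char *const argv[] = { "/bin/echo", "root; reboot&", NULL };
    return run_argv(argv, out, sizeof out) == 0 &&
           strcmp(out, "root; reboot&\n") == 0;
}
```

Because no shell parses the string, `;` and `&` are ordinary characters in a single argument; a real BMC tool would simply reject the malformed username.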