94b9761011
Mtce uses the system() command to run the ipmitool and redfishtool.
The system() command launches a shell process that is susceptible
to code injection.
By switching to fork() execv() we can prevent command injection attacks
if for example the bmc parameters are compromised.
The bmc parameters are:
- bm_type
- bm_ip
- bm_username
- bm_password
These are initially provided as user input and stored
in either barbican (bm_password) or the sysinv postgres database.
If these parameters are compromised, the injected code will not be run.
For example, if bm_username="root; reboot&"
the reboot command will not be run.
Test plan:
PASS - Code testing: designer testing of failure paths, verifying logs
by compiling errors in the code
- fork fail error path
- file open failure path
- dup/dup2 failure path
- execv failure
PASS - AIO-SX: iso install
PASS - AIO-DX: iso install
PASS - AIO-SX: ipmi bmc sensor/device queries
system host-sensor-list <controller-0>
PASS - AIO-SX: ipmi bmc reset
designer modification of sysinv to allow simplex reset
PASS - AIO-SX: modify bmc parameters in postgres
and verify bmc command failure and proper handling
e.g bm_username="root; reboot&"
PASS - AIO-SX: file leak testing of execv error path
sudo lsof -p `pidof mtcAgent`
sudo lsof -p `pidof hwmond`
PASS - AIO-SX: memory leak and file leak testingsoak
sudo /usr/sbin/dmemchk.sh --C mtcAgent hwmond
PASS - AIO-DX: ipmi bmc reset
Virtual machine AIO-DX configured to physical bmc
simulate reset on virtual machine by power down
at the same time as system host-reset <controller>
PASS - AIO-DX: ipmi bmc sensor/device queries
system host-sensor-list <controller-0|1>
Example postgres commands to compromise the bm_username parameter:
sudo -u postgres \
psql -d sysinv \
-c "select bm_username from i_host where hostname='controller-0';"
sudo -u postgres \
psql -d sysinv \
-c \
"update i_host set bm_username='root; reboot&' "\
"where hostname='controller-0';"
Story: 2011095
Task: 50344
Change-Id: I250900d1c757d7e04058f4c954502b1a38db235e
Signed-off-by: Kyale, Eliud <Eliud.Kyale@windriver.com>
|
||
|---|---|---|
| .. | ||
| centos | ||
| debian | ||
| opensuse | ||
| src | ||
| PKG-INFO | ||