Closed eoghank closed 4 years ago
+1 for support on this issue. Please address it as soon as possible.
I suspect that this is from these lines in cpi.erb:

```
export HOME=~
export BUNDLE_GEMFILE=$BOSH_PACKAGES_DIR/vsphere_cpi/Gemfile
bundle_cmd="${BOSH_PACKAGES_DIR}/ruby-2.4-r4/bin/bundle"
exec $bundle_cmd exec $BOSH_PACKAGES_DIR/vsphere_cpi/bin/vsphere_cpi \
  $BOSH_JOBS_DIR/vsphere_cpi/config/cpi.json
```

That `export HOME=~` line looks extraneous. What's the home directory when Ops Manager is invoking the CPI to deploy the BOSH director?
This directory also turns up on the BOSH Director as well.
Describe the bug
When the vSphere CPI is called to deploy BOSH Director it creates folders here in Ops Man that are world writable and do not have the sticky bit set (/tmp/bundler/home). This is a concern for security teams and our stemcell hardening guides do state that we try to limit world writable directories.

To Reproduce
Steps to reproduce the behavior:

Expected behavior
Security teams expect that any world writable directories are either removed or have the sticky bit set.

Screenshots

Release Version & Related Info (please complete the following information):
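
The check the issue describes, as an added example that is not part of the original thread or the CPI's own code: a POSIX shell audit that lists directories which are world writable without the sticky bit (the state reported for /tmp/bundler/home) and can set the bit on them. The function names `list_unsafe_dirs` and `add_sticky_bit` are hypothetical, and the root directory to scan is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-writable directories
# that lack the sticky bit, the condition reported for /tmp/bundler/home.
# Function names are hypothetical; pass the root to scan as an argument.

# list_unsafe_dirs ROOT
# Print every directory under ROOT (staying on one filesystem) whose mode
# has o+w (0002) set but not the sticky bit (1000). Returns 2 if ROOT is
# not a directory. Names containing newlines span several output lines.
list_unsafe_dirs() {
    root=$1
    [ -d "$root" ] || return 2
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# add_sticky_bit ROOT
# Set the sticky bit on each directory list_unsafe_dirs would report, so
# that only a file's owner (or root) can delete or rename entries in it.
# This matches the "have the sticky bit set" expectation in the issue;
# removing o+w instead is the stricter alternative when sharing is not
# needed.
add_sticky_bit() {
    root=$1
    [ -d "$root" ] || return 2
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec chmod +t {} + 2>/dev/null
}

# Stand-alone use: ./audit.sh /tmp        (report only)
#                  ./audit.sh /tmp --fix  (report, then set sticky bit)
if [ "$#" -gt 0 ]; then
    list_unsafe_dirs "$1"
    if [ "${2:-}" = "--fix" ]; then
        add_sticky_bit "$1"
    fi
fi
```

Run in report-only mode, an empty result means no directory under the scanned root is world writable without the sticky bit.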