Glance needs a config option to limit the number of image members

Bug #1252459 reported by Brian Rosmaita
This bug affects 1 person
Affects: Glance
Status: Fix Released
Importance: Critical
Assigned to: Alex Meade
Milestone:

Bug Description

Glance v2 allows users to put "members" on an image. There is no limit to the number of image members.

This is a (linear) DoS attack vector.

The fix for this should be done similar to the fix for https://bugs.launchpad.net/glance/+bug/1251518 to keep configuration consistent.

Alex Meade (alex-meade)
Changed in glance:
status: New → In Progress
assignee: nobody → Alex Meade (alex-meade)
importance: Undecided → Critical
Changed in glance:
milestone: none → icehouse-1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/59563

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/59563
Committed: http://github.com/openstack/glance/commit/b13e10b5e594c2ad807006e10efdd6c941403d2b
Submitter: Jenkins
Branch: master

commit b13e10b5e594c2ad807006e10efdd6c941403d2b
Author: Alex Meade <email address hidden>
Date: Mon Nov 25 01:57:24 2013 +0000

    Add config option to limit image members

    This patch adds the image_member_quota config option. This allows a deployer
    to limit the number of image members allowed per image. The default value
    is 128, to be consistent with other quota defaults. Users will only be able
    to update an image if the result of the transaction would be under this limit.

    This is for both Glance v1 and v2

    Fixes bug 1252459
    docImpact

    Change-Id: I02f5e82ca4c4acf6cd7bc94f9b99086054a616c9

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: icehouse-1 → 2014.1
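
The rule in the commit message above (a change is accepted only if the resulting member list stays within image_member_quota) can be sketched as follows. This is an added example, not Glance's code: the class, method and exception names are hypothetical, and it assumes that a result exactly equal to the quota is still accepted.

```python
"""Added illustration; not Glance's code. All names here are hypothetical."""

IMAGE_MEMBER_QUOTA = 128  # default value stated in the commit message


class MemberQuotaExceeded(Exception):
    """Raised when a change would leave an image with too many members."""


class ImageMembers:
    def __init__(self, quota=IMAGE_MEMBER_QUOTA):
        self.quota = quota
        self._members = {}  # image_id -> set of member (tenant) ids

    def _check(self, resulting):
        # Validate the size the list would have *after* the change.
        # Assumption: a result equal to the quota is still accepted.
        if len(resulting) > self.quota:
            raise MemberQuotaExceeded(
                "%d members requested, limit is %d" % (len(resulting), self.quota))

    def add(self, image_id, member_id):
        current = self._members.get(image_id, set())
        resulting = current | {member_id}  # re-adding a member does not grow the set
        self._check(resulting)
        self._members[image_id] = resulting

    def replace(self, image_id, member_ids):
        # Hypothetical bulk update: reject the whole request, keep the old list.
        resulting = set(member_ids)
        self._check(resulting)
        self._members[image_id] = resulting

    def count(self, image_id):
        return len(self._members.get(image_id, set()))


def demo():
    store = ImageMembers(quota=3)  # small constructed quota for the demo
    for tenant in ("t1", "t2", "t3"):
        store.add("img", tenant)
    store.add("img", "t1")  # duplicate member; the list stays at 3
    try:
        store.add("img", "t4")
        rejected = False
    except MemberQuotaExceeded:
        rejected = True
    return store.count("img"), rejected
```

Checking the resulting size rather than the current size means a rejected request leaves the stored list unchanged, and the same check covers single adds and bulk updates.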