Flags default uses google's DNS
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Low | Russell Bryant |
Bug Description
For some reason, if the following is not overridden by a setting, nova will attempt to connect to Google's DNS servers.
Odd code @
cfg.
Of file nova/flags.py
Where that function _get_my_ip() which may be called even if the option exists as a setting (it's a default??).
The function does the following:
    def _get_my_ip():
        """Returns the actual ip of the local machine."""
        try:
            csock = socket.
            (addr, port) = csock.getsockname()
            return addr
        except socket.error as ex:
            return "127.0.0.1"
This seems to attempt to open a socket to Google's DNS servers @ http://
The Google Public DNS IP addresses (IPv4) are as follows:
8.8.8.8
8.8.4.4
Is this the correct and desired effect? I would hope not, since I doubt companies want to expose that they are using OpenStack to Google....
Changed in nova: milestone: none → essex-4
Changed in nova: status: Fix Committed → Fix Released
Changed in nova: milestone: essex-4 → 2012.1
So the functionality doesn't quite match the function name.
It's clearly reaching out to the internet to see if it's possible with the current configuration; if it is possible, it then returns the address information of the socket. If it can't, then it returns the loopback.
So I see two things wrong here:
* A call out to a third party that you might not want to have any communication with
* This code doesn't work anyway. Google's DNS servers don't appear to have port 80 open
I don't see any reason to keep this quiet:
* No vulnerability in OpenStack
* Scope for a _tiny_ information leak if the code actually worked
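
Added example, not part of the bug report or nova's code: the quoted `_get_my_ip()` is truncated on this page, so this sketch assumes a UDP (`SOCK_DGRAM`) socket and checks on loopback that `connect()` on such a socket only does a route lookup and delivers no datagram, whereas a TCP socket would send a SYN to the target. `local_ip_for`, `udp_connect_sends_nothing` and the probe address are hypothetical names and constructed values.

```python
import socket


def local_ip_for(probe_host, probe_port=9):
    """Return the source address the kernel would pick to reach probe_host.

    Assumption: a UDP socket. connect() on SOCK_DGRAM only records the peer
    and performs a route lookup; nothing is transmitted. With SOCK_STREAM
    the same call would emit a TCP SYN towards probe_host.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.connect((probe_host, probe_port))
        return sock.getsockname()[0]
    except OSError:
        # Same fallback as the function quoted in the report.
        return "127.0.0.1"
    finally:
        sock.close()


def udp_connect_sends_nothing():
    """Verify on loopback that a UDP connect() delivers no datagram."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))   # ephemeral port, local only
    listener.setblocking(False)
    try:
        host, port = listener.getsockname()
        addr = local_ip_for(host, port)
        try:
            listener.recvfrom(1024)
            received = True           # a datagram arrived
        except BlockingIOError:
            received = False          # queue empty: nothing was sent
        return addr, received
    finally:
        listener.close()


if __name__ == "__main__":
    print(udp_connect_sends_nothing())
    # Constructed probe target from TEST-NET-1 (RFC 5737), standing in for
    # an operator-chosen address instead of a third-party resolver.
    print(local_ip_for("192.0.2.1"))
```

Making the probe address a setting, or requiring the local IP to be configured explicitly, removes the dependency on any third-party address regardless of socket type.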