Context elevated on reschedule

Bug #1187076 reported by Joshua Harlow on 2013-06-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

When a volume is initially created the context is immediately elevated (in the volume.manager code) to admin level and if the volume is not created successfully then the rescheduling logic will send back out that elevated context to the scheduler. This seems like a privilege escalation which was not intended (since before the create_volume() call occurred the context was not elevated and if it fails then it becomes elevated). I am not sure of the side-effects this could have, but it seems likely unintended to elevate an unprivileged context, try creation, fail and then send out the elevated context for further scheduling.

Joshua Harlow (harlowja) on 2013-06-03
description: updated
Thierry Carrez (ttx) wrote :

I don't think this classifies as an exploitable vulnerability, unless I'm missing something. Sounds more like a bug that needs to be fixed... in which case I'd rather handle it in the open rather than in embargo mode.

Raise your hand if you object to the opening of this bug

Changed in ossa:
status: New → Incomplete
John Griffith (john-griffith) wrote :

+1, don't think this is a security issue.

Thierry Carrez (ttx) on 2013-06-07
information type: Private Security → Public
no longer affects: ossa
Mike Perez (thingee) on 2013-06-27
Changed in cinder:
assignee: nobody → Mike Perez (thingee)
Mike Perez (thingee) on 2013-07-02
Changed in cinder:
status: New → Confirmed
Mike Perez (thingee) on 2013-07-02
Changed in cinder:
assignee: Mike Perez (thingee) → Huang Zhiteng (zhiteng-huang)
Changed in cinder:
assignee: Huang Zhiteng (zhiteng-huang) → XueChendi (chendi-xue)

Fix proposed to branch: master

Changed in cinder:
status: Confirmed → In Progress

Submitter: Jenkins
Branch: master

commit ca0e7295f44235c7d64954a225a172718a074dd8
Author: XueChendi <email address hidden>
Date: Wed Jul 3 22:20:32 2013 +0800

    Prevent wrongly privilege escalation of a context

    Current codes in create_volume() may exists a scenario that
    a context which is not elevated but after it fails in volume
    creation, it becomes elevated. This patch saves original
    context, so that if it fails in volume creation simply use the
    original context for further scheduling.

    Fix bug:1187076

    Change-Id: I2822b1612ec741209b278fc65f18d0f8f3243e0a

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-07-17
Changed in cinder:
milestone: none → havana-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in cinder:
milestone: havana-2 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers