Comment 20 for bug 1198185
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: delete_snapshot in LVMVolumeDriver not really zero the snapshot | #20 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
Third (and hopefully final) version...
-------
Title: Cinder LVM volume driver does not support secure deletion
Reporter: Rongze Zhu (UnitedStack)
Products: Cinder
Affects: 2013.1 (Grizzly) and later
Description:
Rongze Zhu from UnitedStack reported a vulnerability in the Cinder
LVM volume driver. The contents of LVM snapshots may not be cleared
upon deletion even when secure deletes are configured, resulting in
potential exposure of latent data to subsequent servers for other
tenants. Only setups using LVMVolumeDriver are affected.
-------