Comment 23 for bug 1198185

Do it as soon as I get to the office

On Mon, Jul 29, 2013 at 4:01 AM, Thierry Carrez <<email address hidden>
> wrote:

> We need the grizzly backport and a CVE allocated before we move on to
> advisory publication
>
> ** Also affects: cinder/grizzly
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Cinder
> Bug Team, which is subscribed to Cinder.
> https://bugs.launchpad.net/bugs/1198185
>
> Title:
> delete_snapshot in LVMVolumeDriver not really zero the snapshot
>
> Status in Cinder:
> Fix Released
> Status in Cinder grizzly series:
> New
> Status in OpenStack Security Advisories:
> Triaged
>
> Bug description:
> the delete action process:
> delete_snapshot(self, snapshot) -> self._delete_volume(snapshot,
> snapshot['volume_size']) -> self.clear_volume(volume)
>
> def clear_volume(self, volume):
> """unprovision old volumes to prevent data leaking between
> users."""
>
> vol_path = self.local_path(volume)
> size_in_g = volume.get('size')
> size_in_m = self.configuration.volume_clear_size
>
> if not size_in_g:
> LOG.warning(_("Size for volume: %s not found, "
> "skipping secure delete.") % volume['name'])
> return
> ....
> ....
>
>
> Because snapshot without 'size' field, so it will skip secure delete.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cinder/+bug/1198185/+subscriptions
>