Cinder

  1. Series kilo
  2. Bug #1415087
  3. Comment #51

Comment 51 for bug 1415087

Revision history for this message
Dave Walker (davewalker) wrote : Re: Format-guessing and file disclosure in image convert (CVE-2015-1850)

I tried to recreate this myself.. TL;DR I didn't succeed.

I created a cinder (LVM backend) volume, attached it as vdb to a guest and within the guest ran "qemu-img create -f qcow2 -b /etc/passwd /dev/vdb"

Introspecting on the underlying host, it looks like things are progressing:
# qemu-img info /dev/mapper/stack--volumes--lvmdriver--1-volume--6c76f71d--6ccb--4a95--845c--40fd9af1a12d | grep backing
backing file: /etc/passwd

I then created a second guest, and made the root boot from volume the cinder volume from above. Then following running "nova image-create" a reference does appear in Glance with the correct name set, but a null file size.

Attempting to retrieve the image through glance a 0 byte file is returned.