Non-admins can create public images
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | Fix Released | Undecided | Aaron Rosen |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
OpenStack Security Notes | Fix Released | High | Nathan Kinder |
Bug Description
Glance documentation ( http://
> Note Use of the is_public parameter is restricted to admin users. For all other users it will be ignored.
However, this is not true on Havana, i.e. with Horizon:
- user a uploads an image with is_public checkbox **checked**,
- user b logs in and can see that image in /project/
It is reproducible with the command line of course:
```
vagrant@
+------
| Property | Value |
+------
| checksum | 64d7c1cd2b6f60c
| container_format | bare |
| created_at | 2014-04-28T14:10:07 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 8f843998-
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | hacked |
| owner | c8df7a80acd4496
| protected | False |
| size | 13167616 |
| status | active |
| updated_at | 2014-04-28T14:10:07 |
+------
vagrant@
+------
| ID | Name | Disk Format | Container Format | Size | Status |
+------
| d6b482f7-
| 5579dc39-
| bdfc240a-
| 8f843998-
+------
```
Potentially, a malicious user could upload an image with a backdoor and make it available to the public.
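As an added example (not part of this bug report and not Glance's own code): a small Python check that does two things an operator on Havana would want while this is unfixed. First, it scans an image listing of the shape the Glance v1 API returns for `image-list`/`image-show` and reports every `is_public: True` image whose `owner` is not in an allowlist of trusted tenants, which is exactly the condition the reporter demonstrates above. Second, it inspects a Glance `policy.json` fragment and tells you whether the rule that gates `is_public` is wide open. The rule name `publicize_image`, the fallback to the `default` rule, and the convention that an empty rule (or `@`) means "always allowed" are assumptions taken from Glance's shipped policy file and its policy engine, not from this page; the image ids, tenant ids and policy fragments are constructed for the example.

```python
import json

# Constructed sample shaped after GET /v1/images/detail; every id and
# owner tenant id here is made up for this example.
SAMPLE_IMAGES_JSON = """
{"images": [
  {"id": "aaaaaaaa-1111-4ccc-8ddd-000000000001", "name": "hacked",
   "is_public": true, "owner": "11111111111111111111111111111111",
   "status": "active", "disk_format": "qcow2"},
  {"id": "aaaaaaaa-1111-4ccc-8ddd-000000000002", "name": "cirros-0.3.1",
   "is_public": true, "owner": "adadadadadadadadadadadadadadadad",
   "status": "active", "disk_format": "qcow2"},
  {"id": "aaaaaaaa-1111-4ccc-8ddd-000000000003", "name": "private-test",
   "is_public": false, "owner": "11111111111111111111111111111111",
   "status": "active", "disk_format": "qcow2"}
]}
"""

# Assumption: only the admin tenant is expected to publish images.
TRUSTED_OWNERS = {"adadadadadadadadadadadadadadadad"}


def find_rogue_public_images(images_json, trusted_owners):
    """Return the images that are public but owned by a non-trusted tenant.

    This is the detection side of the report above: on Havana a plain
    user can set is_public=True, so any public image from an untrusted
    owner deserves a look before other tenants boot from it.
    """
    images = json.loads(images_json)["images"]
    return [
        img for img in images
        if img.get("is_public") and img.get("owner") not in trusted_owners
    ]


# Rule bodies the policy engine treats as "always allowed" (assumption).
ALWAYS_ALLOWED = {"", "@"}


def publicize_rule_is_open(policy_json):
    """True if this policy.json lets any user set is_public=True.

    Assumption: the rule is named "publicize_image" as in Glance's
    shipped policy file, and a missing rule falls back to "default".
    """
    policy = json.loads(policy_json)
    rule = policy.get("publicize_image", policy.get("default", ""))
    return rule.strip() in ALWAYS_ALLOWED


# Constructed fragments: the open setting and the hardened one.
WEAK_POLICY = '{"default": "", "publicize_image": ""}'
FIXED_POLICY = '{"default": "", "publicize_image": "role:admin"}'

if __name__ == "__main__":
    for img in find_rogue_public_images(SAMPLE_IMAGES_JSON, TRUSTED_OWNERS):
        print("public image %s (%s) owned by non-trusted tenant %s"
              % (img["id"], img["name"], img["owner"]))
    print("weak policy lets anyone publish:", publicize_rule_is_open(WEAK_POLICY))
    print("fixed policy lets anyone publish:", publicize_rule_is_open(FIXED_POLICY))
```

Against a live deployment you would feed `find_rogue_public_images` the JSON body of `GET /v1/images/detail` fetched with an admin token (so private images of other tenants are visible too) and replace `TRUSTED_OWNERS` with your admin tenant id; the policy check only reads the file, it does not change how Glance enforces it.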
- Changed in ossa: status: New → Incomplete
- Changed in ossn: assignee: nobody → Nathan Kinder (nkinder); importance: Undecided → High; status: New → In Progress
- Changed in glance: assignee: nobody → Aaron Rosen (arosen)
- Changed in glance: status: New → Fix Released
Thanks, we'll try to reproduce the cli part of this.