Comment 8 for bug 1593799

Nikhil Komawar (nikhil-komawar) wrote :

We haven't published the recordings so I agree that having this in a private bug is okay.

Please note that this issue has existed at least since Liberty. The commit that introduced this feature and hence a vulnerability along with it is:

commit 9a6823326b43c01562a736d417f6e5f7f68e44cf
Author: Martin Mágr <email address hidden>
Date: Mon Aug 24 13:37:54 2015 +0200

    Add db purge command

    This patch adds "db purge" to glance-manage for deleting soft deleted
    images, tasks.

    Change-Id: I5b609292aa15f8133d0d785fcf9143825bed8073
    Implements: blueprint database-purge

I can confirm that this is a real issue.

Also, I think this vulnerability can exist irrespective of the existence of the db-purge utility, as an individual operator can choose to hard-delete the soft-deleted old rows on their deployment.

There is a problem with introducing a new table due to the growth in the size of the DB over a period of time. This was one of the major reasons why the db-purge utility was introduced. I think this bug is subject to further discussion on the best possible solution. I, however, find it in the best interest to send a CVE note with advice on not deleting soft-deleted images. It should be left to the operator to decide which images are safe to be removed from the database once their deployment is assured of non-existence of such -- like no tracking of that image id in Nova, Cinder, Ironic, Heat, etc.