Comment 20 for bug 1990157

Dan Smith (danms) wrote : Re: Malicious image data modification can happen when using COW

> but instead a snapshot is
> created directly in the backend and Nova creates a Glance image record
> with size 0 and no os_hash_value [1

I think it's important to call out that even if you have an image that was uploaded and a hash was calculated, someone could *later* change the data in the backend. Since nova doesn't (and can't really without a lot of extra work) know that the hash doesn't match the image it's about to fast clone, the hash might look like it's there, you know it *was* correct, but nova will not check it to see that it no longer matches.

> A glance-api service with 'show_multiple_locations' enabled should
> *never* be exposed directly to end users. This setting should only
> be enabled on an internal-only-facing glance-api that is used by
> OpenStack services that require access to image locations.

I wonder if we should be more specific about "run two glance-apis with different config and use the public/internal endpoint types in keystone to differentiate. Also make sure the internal one is not accessible to the users (i.e. firewalled). You imply it with "never exposed to users" but...
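The two-endpoint layout suggested above can be checked mechanically. The following is an added example, not part of the comment or of any OpenStack code: it flags a deployment where a glance-api with `show_multiple_locations` enabled is registered as the public endpoint, or shares its URL with it. The endpoint structure, the helper names `locations_enabled` and `audit`, and all URLs and config text are constructed assumptions.

```python
import configparser

def locations_enabled(conf_text):
    """Return True if glance-api.conf text enables show_multiple_locations."""
    # oslo.config files may repeat keys and contain '%', so relax both checks.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp.getboolean("DEFAULT", "show_multiple_locations", fallback=False)

def audit(endpoints):
    """Flag image endpoints that would hand image locations to end users.

    `endpoints` is a hypothetical structure: one dict per keystone catalog
    entry with its interface, URL and the config text of the glance-api
    process serving it. Network reachability (firewalling) is not checked.
    """
    public_urls = {e["url"] for e in endpoints if e["interface"] == "public"}
    findings = []
    for e in endpoints:
        if not locations_enabled(e["conf"]):
            continue
        if e["interface"] == "public":
            findings.append((e["url"], "public endpoint exposes image locations"))
        elif e["url"] in public_urls:
            findings.append((e["url"], e["interface"]
                             + " endpoint is the same service as the public one"))
    return findings

# Constructed sample configs and URLs (not taken from the bug report).
LOCATIONS_ON = "[DEFAULT]\nshow_multiple_locations = True\n"
LOCATIONS_OFF = "[DEFAULT]\nshow_multiple_locations = False\n"

PUB_URL = "https://glance.example.test:9292"
INT_URL = "https://glance-int.example.test:9292"

# One glance-api registered under both interface types: no separation.
SINGLE_API = [
    {"interface": "public", "url": PUB_URL, "conf": LOCATIONS_ON},
    {"interface": "internal", "url": PUB_URL, "conf": LOCATIONS_ON},
]
# Two glance-apis with different config, split by interface type.
SPLIT_API = [
    {"interface": "public", "url": PUB_URL, "conf": LOCATIONS_OFF},
    {"interface": "internal", "url": INT_URL, "conf": LOCATIONS_ON},
]

if __name__ == "__main__":
    for name, deployment in (("single", SINGLE_API), ("split", SPLIT_API)):
        print(name, audit(deployment) or "ok")
```

A clean result here only covers the catalog and config; whether the internal URL is actually unreachable from user networks still has to be verified at the firewall.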