OpenStack Image Registry and Delivery Service (Glance)

Glance copy_from should gracefully handle file store

Reported by Brian Waldon on 2012-02-27
Affects: Glance
Importance: Medium
Assigned to: Eoghan Glynn

Bug Description

If you try to add an image with copy_from set to file:///somewhere, the API returns a 500 due to a NotImplementedError raised from get_size in the filesystem store driver. Ideally, the user would not be able to upload an image and ask the API to read from the local filesystem for security reasons.

This is not a security bug at the moment due to the 500.

Eoghan Glynn (eglynn) wrote :

Looking at this in more detail, it turns out we've had the same issue with location=file:///somewhere, again masked by the NotImplemented on glance.store.filesystem.Store.get_size().

So the fix should address both the copy_from and location styles of external source.

Changed in glance:
milestone: none → essex-4
status: New → In Progress

Reviewed: https://review.openstack.org/4602
Committed: http://github.com/openstack/glance/commit/e653a0032d21729ebd4ec4edd0045cad0f0ab430
Submitter: Jenkins
Branch: master

commit e653a0032d21729ebd4ec4edd0045cad0f0ab430
Author: Eoghan Glynn <email address hidden>
Date: Mon Feb 27 22:57:12 2012 +0000

    Disallow file:// sources on location or copy-from.

    Fixes bug #942118

    For security reasons, file:// URIs local to the glance services
    should not be supported as external sources (as specified via the
    x-image-meta-location or x-glance-api-copy-from headers).

    Change-Id: I43763cbefba95153434c7dcdcce3765ed04e05fe

Changed in glance:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/4702
Committed: http://github.com/openstack/glance/commit/1337a510a1568dc0f3eac2e8574a414c6b681139
Submitter: Jenkins
Branch: milestone-proposed

commit 1337a510a1568dc0f3eac2e8574a414c6b681139
Author: Eoghan Glynn <email address hidden>
Date: Mon Feb 27 22:57:12 2012 +0000

    Disallow file:// sources on location or copy-from.

    Fixes bug #942118

    For security reasons, file:// URIs local to the glance services
    should not be supported as external sources (as specified via the
    x-image-meta-location or x-glance-api-copy-from headers).

    Change-Id: I43763cbefba95153434c7dcdcce3765ed04e05fe

Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in glance:
milestone: essex-4 → 2012.1
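
Added example, not code from the Glance commit: a sketch of the kind of check the fix describes, rejecting file:// (and, going one step further than the commit message, any scheme outside an allowlist) on the two headers named above. The function name, the plain-dict header interface and the http/https allowlist are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Header names come from the commit message; the allowlist is an assumption
# for this example, not Glance's actual list of supported stores.
SOURCE_HEADERS = ("x-image-meta-location", "x-glance-api-copy-from")
ALLOWED_SCHEMES = frozenset({"http", "https"})


class InvalidExternalSource(ValueError):
    """Raised so the API layer can answer 400 instead of failing with a 500."""


def external_sources(headers):
    """Return {header: uri} for every external-source header that passes.

    `headers` is a plain dict of request headers (hypothetical interface).
    Raises InvalidExternalSource on the first header that is not acceptable.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    accepted = {}
    for header in SOURCE_HEADERS:
        if header not in lowered:
            continue
        uri = lowered[header].strip()
        try:
            # urlsplit lower-cases the scheme, so "FILE:///x" is caught too.
            scheme = urlsplit(uri).scheme
        except ValueError as exc:  # e.g. malformed bracketed host
            raise InvalidExternalSource("%s: %s" % (header, exc))
        if scheme not in ALLOWED_SCHEMES:
            # Covers file://, bare paths (empty scheme) and anything else
            # that would make the service read from an unintended place.
            raise InvalidExternalSource(
                "%s: scheme %r is not an accepted external source"
                % (header, scheme))
        accepted[header] = uri
    return accepted
```

Validating before the store driver is selected means the request is refused explicitly rather than relying on get_size happening to raise.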