[OSSA 2013-012] Unchecked qcow2 root disk sizes
Bug #1177830 reported by Loganathan Parthipan
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Critical | Chet Burgess |
Grizzly | Fix Released | Critical | Vish Ishaya |
Havana | Fix Released | Critical | Pádraig Brady |
OpenStack Security Advisory | Fix Released | Undecided | Michael Still |
Bug Description
Currently there's no check on the root disk raw sizes. A user can create qcow2 images with any size, upload them to glance and spawn instances off these files. The raw backing file created in the compute node will be small at first due to it being a sparse file, but will grow as data is written to it. This can cause the following issues.
1. Bypass storage quota restrictions
2. Overrun compute host disk space
This was reproduced in Devstack using recent trunk d7e4692.
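The missing check described in the report, as an added example that is not part of the original report and not nova's own code: it reads the virtual size a qcow2 header declares and compares it with a root disk limit, since the size of the uploaded file says nothing about how large the raw disk can grow. The names `check_root_disk`, `RootDiskTooLarge`, `root_gb` and the sample header are assumptions made for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian qcow2 header prefix: magic, version, backing_file_offset,
# backing_file_size, cluster_bits, size (virtual disk size in bytes).
HEADER = struct.Struct(">4sIQIIQ")
GIB = 1024 ** 3


class RootDiskTooLarge(Exception):
    """Hypothetical error: declared virtual size exceeds the root disk limit."""


def qcow2_virtual_size(header_bytes):
    """Return the virtual disk size declared in a qcow2 header."""
    if len(header_bytes) < HEADER.size:
        raise ValueError("truncated qcow2 header")
    magic, version, _, _, _, virtual_size = HEADER.unpack_from(header_bytes)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    return virtual_size


def check_root_disk(header_bytes, uploaded_bytes, root_gb):
    """Reject an image whose declared virtual size exceeds root_gb GiB.

    uploaded_bytes is the size of the stored file; it is all a check on the
    upload alone would see, and it does not bound the virtual size.
    """
    virtual_size = qcow2_virtual_size(header_bytes)
    limit = root_gb * GIB
    if virtual_size > limit:
        raise RootDiskTooLarge(
            "virtual size %d bytes exceeds limit %d bytes (upload: %d bytes)"
            % (virtual_size, limit, uploaded_bytes))
    return virtual_size


def make_sample_header(virtual_size):
    """Constructed sample: a minimal version-2 qcow2 header prefix."""
    return HEADER.pack(QCOW2_MAGIC, 2, 0, 0, 16, virtual_size)
```
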
Changed in nova:
status: Incomplete → Confirmed
milestone: none → havana-1
information type: Public → Public Security
Changed in nova:
assignee: nobody → Chet Burgess (cfb-n)
summary: Unchecked qcow2 root disk sizes → [OSSA 2013-012] Unchecked qcow2 root disk sizes
Changed in ossa:
assignee: nobody → Michael Still (mikalstill)
status: New → Fix Released
Changed in nova:
status: Fix Committed → Fix Released
Changed in nova:
milestone: havana-1 → 2013.2
tags: removed: in-stable-grizzly in-stable-havana
no longer affects: nova/folsom
I'm not sure if this should be categorized as security or not. But I'll leave it for someone else to review and move it to public bug.