[OSSA 2013-029] Unchecked qcow2 root disk sizes DoS
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
High
|
Pádraig Brady | ||
| Folsom |
Won't Fix
|
High
|
Pádraig Brady | ||
| Grizzly |
Fix Released
|
High
|
Pádraig Brady | ||
| Havana |
Fix Released
|
High
|
Pádraig Brady | ||
| OpenStack Security Advisory |
Fix Released
|
Medium
|
Thierry Carrez | ||
Bug Description
When doing QA for SUSE on bug 1177830
I found that the fix is incomplete,
because it assumed that the cached image would be mostly sparse.
However, I can easily create non-sparse small compressed qcow2 images with
perl -e 'for(1.
qemu-img convert -c -O qcow2 img img.qcow2
glance image-create --name=11gb --is-public=True --disk-format=qcow2 --container-
nova boot --image 11gb --flavor m1.small testvm
which (in Grizzly and Essex) results in one (or two in Essex) 11GB large files being created in /var/lib/
still allowing attackers to fill up disk space of compute nodes
because the size check is only done after the uncompressing / caching
| Changed in ossa: | |
| assignee: | nobody → Thierry Carrez (ttx) |
| Changed in nova: | |
| status: | Confirmed → In Progress |
| Changed in nova: | |
| milestone: | none → havana-rc1 |
| tags: | added: havana-rc-potential libvirt |
| Changed in nova: | |
| milestone: | none → icehouse-1 |
| tags: |
added: havana-backport-potential removed: havana-rc-potential |
| information type: | Private Security → Public Security |
| Changed in ossa: | |
| status: | Fix Committed → Fix Released |
| tags: | removed: havana-backport-potential |
| Changed in nova: | |
| status: | Fix Committed → Fix Released |
| tags: | removed: in-stable-havana |
| Changed in nova: | |
| milestone: | icehouse-1 → 2014.1 |

Russell, Mikal: could you confirm the vulnerability ?