--------------------------------
Title: Nova live snapshots use an insecure local directory
Reporter: Daniel Berrange (Red Hat)
Products: Nova
Affects: Grizzly and later
Description:
Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writeable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.
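The condition described above, shown as an added example that is not Nova's code or its fix: a check that flags a working directory other local users can read or write, next to a directory created private to the calling user. The function names and the directory paths are hypothetical and constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile


def audit_dir(path):
    """Return findings for a directory meant to hold sensitive temporary files."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted in place of the directory
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"]
    findings = []
    if st.st_uid != os.geteuid():
        findings.append("owned by uid %d, not the calling user" % st.st_uid)
    if st.st_mode & stat.S_IWOTH:
        findings.append("writable by all local users")
    if st.st_mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("readable or traversable by all local users")
    return findings


def make_private_workdir(parent):
    """Create a working directory only the calling user can enter."""
    # tempfile.mkdtemp creates the directory with mode 0700 and an unpredictable name.
    return tempfile.mkdtemp(prefix="snapshot-", dir=parent)


def demo():
    base = tempfile.mkdtemp()  # constructed stand-in for a compute node's storage path
    try:
        weak = os.path.join(base, "snapshots-weak")
        os.mkdir(weak)
        os.chmod(weak, 0o777)  # world-writable, the condition the advisory describes
        strong = make_private_workdir(base)
        return audit_dir(weak), audit_dir(strong)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    weak_findings, strong_findings = demo()
    print("weak:  ", weak_findings)
    print("strong:", strong_findings)
```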