Comment 20 for bug 1253980

Thierry Carrez (ttx) wrote : Re: DoS attack via setting os_type in snapshots.

New proposed impact desc:

--------------------------------------------
Title: Nova compute DoS through ephemeral disk backing files
Reporter: Phil Day (HP)
Products: Nova
Affects: All supported versions

Description:
Phil Day from HP reported a vulnerability in the handling of ephemeral disk backing files on Nova compute nodes. By repeatedly creating snapshots, changing the os_type to a new random value, and spawning new instances from the snapshot (and quickly deleting those instances), an authenticated user could generate lots of different ephemeral disk backing files and fill up compute node disks, potentially resulting in a Denial of Service against a Nova setup.
--------------------------------------------

@Phil: agreed... waiting for confirmation from other VMT members to go ahead. Would the ephemeral backing files all land on the same server (reaching a state of partial DoS quickly) or be spread across all compute nodes (reaching a state of total DoS but slowly)?