Trusted vm can be powered on untrusted host
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Security Notes |
Fix Released
|
Medium
|
Michael Xin |
Bug Description
This is related to the trusted compute.
I recently setup trusted compute pool in my company and have observed that although new trusted vm is not able to be launched from an untrusted host, but if an trusted vm that have launched earlier on a trusted host which is compromised later on, that VM can still be powered on.
1. Exact version of Nova/Openstack:
[root@grunt2 ~]# rpm -qa | grep nova
python-
openstack-
openstack-
openstack-
openstack-
openstack-
openstack-
openstack-
python-
openstack-
openstack-
openstack-
openstack-
openstack-
openstack-
2. Relevant log files:
this is not a error, don't think logs will help..
3. Reproduce steps:
* create trusted compute pool with only one compute node
* create an trusted VM on that compute node
* compromise the trusted compute node by changing the boot order
* power on the trusted Vm created earlier.
information type: | Private Security → Public Security |
tags: | added: security |
Changed in ossn: | |
assignee: | nobody → Doug Chivers (doug-chivers) |
Changed in ossn: | |
assignee: | Doug Chivers (doug-chivers) → nobody |
Changed in ossn: | |
status: | New → Incomplete |
Changed in ossn: | |
assignee: | nobody → Michael Xin (michael-xin) |
Changed in ossn: | |
status: | Incomplete → New |
status: | New → Confirmed |
importance: | Undecided → Medium |
tags: | added: scheduler |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
Can a Nova core confirm that report ?