Comment 6 for bug 1524274

Matthew Booth (mbooth-9) wrote : Re: Unprivileged api user can access host data using instance snapshot

Here's a patch which addresses the originally reported issue with raw on filesystem. However, it does not fix the problem. With this patch, the disk is correctly handled as raw, but then it calls Raw.snapshot_extract, which is also vulnerable as described above, as it doesn't explicitly specify input format.

So, I believe this patch is required, but another patch is also required. I will work on this second patch tomorrow.
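The point about not explicitly specifying the input format, as an added example that is not part of the comment, the patch, or Nova's code: when `qemu-img convert` is run without `-f`, it guesses the source format from the disk's contents, which the guest controls. The function names, paths and sample header below are hypothetical or constructed, and `probe_format` is a simplified stand-in for content-based probing, not qemu's implementation.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"            # first four bytes of a qcow2 header
ALLOWED_FORMATS = {"raw", "qcow2"}  # assumption: formats this host accepts


def probe_format(header: bytes) -> str:
    """Simplified stand-in for probing: guess the format from the bytes."""
    return "qcow2" if header[:4] == QCOW2_MAGIC else "raw"


def format_mismatch(declared_fmt: str, header: bytes) -> bool:
    """True when probing would disagree with the format the host recorded."""
    return probe_format(header) != declared_fmt


def snapshot_extract_argv(source, target, source_fmt, out_fmt):
    """Build a qemu-img convert command that never relies on probing.

    The source format comes from host-side configuration, never from
    the image itself, and is always passed with -f.
    """
    for name, fmt in (("source", source_fmt), ("output", out_fmt)):
        if fmt not in ALLOWED_FORMATS:
            raise ValueError(f"{name} format must be explicit, got {fmt!r}")
    return ["qemu-img", "convert", "-f", source_fmt, "-O", out_fmt,
            source, target]


# Constructed sample: the first bytes of a disk the host created as raw,
# after the guest has written data that begins with the qcow2 magic.
GUEST_WRITTEN_HEADER = QCOW2_MAGIC + struct.pack(">I", 3) + b"\x00" * 504

if __name__ == "__main__":
    # Probing trusts the guest's bytes; the host's record says raw.
    print("probed as:", probe_format(GUEST_WRITTEN_HEADER))
    print("mismatch with declared raw:",
          format_mismatch("raw", GUEST_WRITTEN_HEADER))
    # The explicit -f raw makes the content irrelevant to format selection.
    print(" ".join(snapshot_extract_argv(
        "/var/lib/example/disk", "/var/lib/example/snap", "raw", "qcow2")))
```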