2016-09-26 05:54:36 |
Bhagyashri Shewale |
bug |
|
|
added bug |
2016-09-26 05:54:48 |
Bhagyashri Shewale |
nova: assignee |
|
Bhagyashri Shewale (bhagyashri-shewale) |
|
2016-09-26 05:55:10 |
Bhagyashri Shewale |
bug |
|
|
added subscriber Tushar Patil |
2016-09-26 06:12:02 |
Morgan Fainberg |
description |
If you create an instance backup by passing rotation 0 to the backup api, nova creates an image, takes a snapshot of the instance and then deletes it immediately. Any malicious user can use this loophole by calling the backup api for all instances belonging to his/her project, causing consumption of glance and nova resources at the expense of the service provider.
Steps to reproduce:
1. Create the instance
$ nova boot --flavor <flavor_id> --image <image_id> <instance_name>
2. Create the instance backup using the backup api, giving the rotation parameter the value 0
$ nova backup <instance_id> <name> daily 0
3. Check the glance image list
$ glance image-list
Output:
In the glance image list you will not find the backup image, as it will be deleted immediately after creation.
Expected result:
If the user passes rotation 0, then nova shouldn't create an image, take a snapshot of the instance and upload it to the glance service; or the minimum value of rotation should be changed from 0 to 1. |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
If you create an instance backup by passing rotation 0 to the backup api, nova creates an image, takes a snapshot of the instance and then deletes it immediately. Any malicious user can use this loophole by calling the backup api for all instances belonging to his/her project, causing consumption of glance and nova resources at the expense of the service provider.
Steps to reproduce:
1. Create the instance
$ nova boot --flavor <flavor_id> --image <image_id> <instance_name>
2. Create the instance backup using the backup api, giving the rotation parameter the value 0
$ nova backup <instance_id> <name> daily 0
3. Check the glance image list
$ glance image-list
Output:
In the glance image list you will not find the backup image, as it will be deleted immediately after creation.
Expected result:
If the user passes rotation 0, then nova shouldn't create an image, take a snapshot of the instance and upload it to the glance service; or the minimum value of rotation should be changed from 0 to 1. |
|
2016-09-26 06:12:15 |
Morgan Fainberg |
bug task added |
|
ossa |
|
2016-09-26 06:12:22 |
Morgan Fainberg |
ossa: status |
New |
Incomplete |
|
2016-09-26 06:12:44 |
Morgan Fainberg |
bug |
|
|
added subscriber Nova Core security contacts |
2016-09-26 20:52:21 |
Jeremy Stanley |
ossa: status |
Incomplete |
Opinion |
|
2016-09-26 20:52:35 |
Jeremy Stanley |
bug |
|
|
added subscriber OSSG CoreSec |
2016-10-18 10:16:44 |
Bhagyashri Shewale |
attachment added |
|
In this patch I am changing the minimum value of rotation to 1. If the user provides 0 as the rotation value, it will raise HttpBadRequest. https://bugs.launchpad.net/nova/+bug/1627597/+attachment/4763134/+files/0001-Change-backup-rotation-min-value-from-0-to-1.patch |
|
2016-12-09 13:42:14 |
Sean Dague |
nova: status |
New |
Opinion |
|
2016-12-09 13:42:22 |
Sean Dague |
nova: importance |
Undecided |
Wishlist |
|
2016-12-09 13:54:21 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
If you create an instance backup by passing rotation 0 to the backup api, nova creates an image, takes a snapshot of the instance and then deletes it immediately. Any malicious user can use this loophole by calling the backup api for all instances belonging to his/her project, causing consumption of glance and nova resources at the expense of the service provider.
Steps to reproduce:
1. Create the instance
$ nova boot --flavor <flavor_id> --image <image_id> <instance_name>
2. Create the instance backup using the backup api, giving the rotation parameter the value 0
$ nova backup <instance_id> <name> daily 0
3. Check the glance image list
$ glance image-list
Output:
In the glance image list you will not find the backup image, as it will be deleted immediately after creation.
Expected result:
If the user passes rotation 0, then nova shouldn't create an image, take a snapshot of the instance and upload it to the glance service; or the minimum value of rotation should be changed from 0 to 1. |
If you create an instance backup by passing rotation 0 to the backup api, nova creates an image, takes a snapshot of the instance and then deletes it immediately. Any malicious user can use this loophole by calling the backup api for all instances belonging to his/her project, causing consumption of glance and nova resources at the expense of the service provider.
Steps to reproduce:
1. Create the instance
$ nova boot --flavor <flavor_id> --image <image_id> <instance_name>
2. Create the instance backup using the backup api, giving the rotation parameter the value 0
$ nova backup <instance_id> <name> daily 0
3. Check the glance image list
$ glance image-list
Output:
In the glance image list you will not find the backup image, as it will be deleted immediately after creation.
Expected result:
If the user passes rotation 0, then nova shouldn't create an image, take a snapshot of the instance and upload it to the glance service; or the minimum value of rotation should be changed from 0 to 1. |
|
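The rotation-0 behaviour described in the report, and the minimum-value check proposed in the 2016-10-18 attachment comment, modelled as an added example (hypothetical code written for this page, not nova's own implementation): a simplified createBackup handler whose rotation step keeps only the newest `rotation` backups, run against a constructed in-memory stand-in for glance, with the lower bound selectable (0 as reported, 1 as proposed) so the wasted upload-then-delete and the 400 rejection can both be observed.

```python
from dataclasses import dataclass, field

class HTTPBadRequest(Exception):
    pass  # stands in for the HTTP 400 the API returns on an invalid body

def validate_rotation(body, minimum):
    """Return createBackup.rotation or raise HTTPBadRequest.
    minimum=0 is the reported behaviour; minimum=1 is the proposed fix."""
    try:
        rotation = body["createBackup"]["rotation"]
    except (KeyError, TypeError):
        raise HTTPBadRequest("createBackup.rotation is required")
    if isinstance(rotation, bool) or not isinstance(rotation, int):
        raise HTTPBadRequest("rotation must be an integer")
    if rotation < minimum:
        raise HTTPBadRequest("rotation must be >= %d" % minimum)
    return rotation

@dataclass
class FakeImageService:
    """Constructed stand-in for glance: counts every upload and delete."""
    images: dict = field(default_factory=dict)  # image_id -> properties
    uploads: int = 0
    deletes: int = 0

    def create(self, instance_id, backup_type):
        self.uploads += 1  # ids grow with age, so sorting gives oldest first
        self.images[self.uploads] = {"instance_uuid": instance_id,
                                     "backup_type": backup_type}
        return self.uploads

    def delete(self, image_id):
        del self.images[image_id]
        self.deletes += 1

def backup_instance(images, instance_id, backup_type, rotation):
    """Snapshot, then keep only the newest `rotation` backups (0 keeps none)."""
    images.create(instance_id, backup_type)
    matching = sorted(i for i, p in images.images.items()
                      if p["instance_uuid"] == instance_id
                      and p["backup_type"] == backup_type)
    excess = max(len(matching) - rotation, 0)  # rotation 0: all, new one included
    for image_id in matching[:excess]:
        images.delete(image_id)
    return len(matching) - excess  # backups retained for this instance

def create_backup(images, instance_id, body, minimum=1):
    rotation = validate_rotation(body, minimum)  # reject before any upload
    backup_type = body["createBackup"]["backup_type"]
    return backup_instance(images, instance_id, backup_type, rotation)
```

With `minimum=0` a rotation-0 request costs one upload and one delete and leaves nothing behind; with `minimum=1` it is rejected before the image service is touched.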
2016-12-09 13:54:38 |
Jeremy Stanley |
information type |
Private Security |
Public |
|
2016-12-09 14:03:28 |
Jeremy Stanley |
ossa: status |
Opinion |
Won't Fix |
|
2016-12-12 07:41:46 |
OpenStack Infra |
nova: status |
Opinion |
In Progress |
|
2018-11-19 13:12:27 |
Matt Riedemann |
nova: status |
In Progress |
Won't Fix |
|