OpenStack Compute (nova)

  1. Bug #1996188
  2. Comment #152

Comment 152 for bug 1996188

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/glance/+/871614
Committed: https://opendev.org/openstack/glance/commit/4967ab6935cfd0274ae801ac943d01909a236a0a
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 4967ab6935cfd0274ae801ac943d01909a236a0a
Author: Dan Smith <email address hidden>
Date: Mon Dec 19 15:00:35 2022 +0000

    Enforce image safety during image_conversion

    This does two things:

    1. It makes us check that the QCOW backing_file is unset on those
    types of images. Nova and Cinder do this already to prevent an
    arbitrary (and trivial to accomplish) host file exposure exploit.
    2. It makes us restrict VMDK files to only allowed subtypes. These
    files can name arbitrary files on disk as extents, providing the
    same sort of attack. Default that list to just the types we believe
    are actually useful for openstack, and which are monolithic.

    The configuration option to specify allowed subtypes is added in
    glance's config and not in the import options so that we can extend
    this check later to image ingest. The format_inspector can tell us
    what the type and subtype is, and we could reject those images early
    and even in the case where image_conversion is not enabled.

    Closes-Bug: #1996188
    Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
    (cherry picked from commit 0d6282a01691cecc2798f7858b181c4bb30f850c)