Image access control is available

Bug #863305 reported by Stanislaw Pitucha on 2011-09-30
Affects                   Status  Importance  Assigned to         Milestone
OpenStack Compute (nova)          Medium      Stanislaw Pitucha
  Diablo                          Undecided   Unassigned
nova (Ubuntu)                     Undecided   Unassigned

Bug Description

Using glance for images and old style authentication, access control to images is very limited. The 2 basic problems are:
- users cannot see their own snapshots
- users can delete a public image which does not belong to them (through nova image-delete)

Uploaded as:
https://review.openstack.org/761
https://review.openstack.org/762

Those changes have only been done / tested in an environment with old authentication scheme. I may not be aware of additional issues coming from keystone integration.

Scott Moser (smoser) wrote :

users can delete public images and private images owned by other users. I've verified this in 2011.3.

Dave Walker (davewalker) on 2011-09-30
tags: added: server-o-rs
security vulnerability: no → yes
Dave Walker (davewalker) on 2011-09-30
Changed in nova (Ubuntu):
status: New → Confirmed
milestone: none → ubuntu-11.10
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2011.3-0ubuntu4

---------------
nova (2011.3-0ubuntu4) oneiric; urgency=low

  [James Page]
  * debian/nova-common.postinst:
    - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
      user/group ownership changes (LP: #861260).
    - Ensure that primary group for 'nova' user is 'nova' so that files
      created by this user have the correct group ownership.

  [Adam Gandelman]
  * debian/nova-common.postinst: Restrict permissions of /var/log/nova
    (LP: #862816)

  [Ante Karamatic]
  * Add /usr/sbin/ietadm to sudoers (LP: #861547)
  * debian/control: Fix typo in Vcs-Bzr

  [Chuck Short]
  * debian/patches/backport-libvirt-console-pipe.patch:
    Move console.log to a ringbuffer so that the console.log
    keeps filling up. (LP: #832507)
  * debian/patches/backport-lxc-container-console-fix.patch:
    Make euca-get-console-output usable for LXC containers.
    (LP: #832159)
  * debian/patches/backport-snapshot-cleanup.patch:
    Enforce snapshot cleanup. (LP: #861582).
  * debian/patches/fix-lp863305-images-permission.patch:
    Fix image access control. (LP: #863305)
 -- Chuck Short <email address hidden> Fri, 30 Sep 2011 15:21:56 -0400

Changed in nova (Ubuntu):
status: Confirmed → Fix Released
Gavin B (gavin-brebner-orange) wrote :

Updating bug info for the Openstack side ...

Changed in nova:
status: New → Confirmed
importance: Undecided → Medium

Reviewed: https://review.openstack.org/761
Committed: http://github.com/openstack/nova/commit/cb37d895a6b97e294aa838f85227d29892f4e11e
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit cb37d895a6b97e294aa838f85227d29892f4e11e
Author: Loganathan Parthipan <email address hidden>
Date: Thu Sep 29 16:41:49 2011 +0100

    Improve access check on images

    Makes sure that users can delete only their own images, snapshots.
    Enable listing of all images, both private which are owned and the public
    ones. Only list the private images/snapshots for the owner and admin users.
    Fixes bug 863305

    Change-Id: I7326ec4a99158c8db5319f2397c99c5a89be2cb5
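
The access rule that the bug description and this commit message describe, modelled as an added example (this is not nova's or glance's code, and every name in it, User, Image, ImageRegistry, try_delete, is an assumption made for the illustration). The "unchecked" methods reproduce the reported behaviour: listing returns only public images, so a user never sees their own snapshots, and delete performs no ownership check at all. The "checked" methods implement the rule from the commit message: list public images plus the private ones the requester owns, let admins see everything, and allow delete only to the owner or an admin. A private image the requester cannot see is reported as not found on delete, so a failed deletion does not disclose that another tenant's snapshot exists.

```python
"""Model of the image access check from nova bug 863305 (added example)."""
from dataclasses import dataclass, field


class ImageNotFound(Exception):
    pass


class NotAuthorized(Exception):
    pass


@dataclass(frozen=True)
class User:
    user_id: str
    project_id: str          # tenant/project the user acts for
    is_admin: bool = False


@dataclass
class Image:
    image_id: str
    owner: str               # project that owns the image or snapshot
    is_public: bool
    name: str = ""


@dataclass
class ImageRegistry:
    images: dict = field(default_factory=dict)

    def add(self, image):
        self.images[image.image_id] = image

    def _get(self, image_id):
        if image_id not in self.images:
            raise ImageNotFound(image_id)
        return self.images[image_id]

    # --- behaviour before the fix (constructed to match the bug report) ---
    def list_unchecked(self, user):
        # Only public images come back, so private snapshots are invisible
        # even to the project that created them.
        return [i for i in self.images.values() if i.is_public]

    def delete_unchecked(self, user, image_id):
        # No ownership check: any user can delete any image, public or not.
        self._get(image_id)
        del self.images[image_id]

    # --- behaviour after the fix ---
    def _can_see(self, user, image):
        return user.is_admin or image.is_public or image.owner == user.project_id

    def _can_delete(self, user, image):
        # Visibility does not grant delete; only ownership or admin does.
        return user.is_admin or image.owner == user.project_id

    def list_images(self, user):
        return [i for i in self.images.values() if self._can_see(user, i)]

    def delete_image(self, user, image_id):
        image = self._get(image_id)
        if not self._can_see(user, image):
            # Do not reveal that someone else's private image exists.
            raise ImageNotFound(image_id)
        if not self._can_delete(user, image):
            raise NotAuthorized(f"{user.user_id} may not delete {image_id}")
        del self.images[image_id]


def try_delete(registry, user, image_id):
    """Run a checked delete and report the outcome as a short string."""
    try:
        registry.delete_image(user, image_id)
        return "deleted"
    except NotAuthorized:
        return "not_authorized"
    except ImageNotFound:
        return "not_found"


def build_sample_registry():
    """Constructed sample data: one public image and two private snapshots."""
    reg = ImageRegistry()
    reg.add(Image("img-public", owner="proj-ops", is_public=True, name="base-image"))
    reg.add(Image("snap-alice", owner="proj-alice", is_public=False, name="alice-snapshot"))
    reg.add(Image("snap-bob", owner="proj-bob", is_public=False, name="bob-snapshot"))
    return reg


def visible_ids(registry, user, checked=True):
    """Sorted image ids the user sees with the fixed (or original) listing."""
    images = registry.list_images(user) if checked else registry.list_unchecked(user)
    return sorted(i.image_id for i in images)


if __name__ == "__main__":
    reg = build_sample_registry()
    alice = User("alice", "proj-alice")
    bob = User("bob", "proj-bob")
    print("alice sees (unchecked):", visible_ids(reg, alice, checked=False))
    print("alice sees (checked):  ", visible_ids(reg, alice))
    print("bob deletes img-public:", try_delete(reg, bob, "img-public"))
    print("bob deletes snap-alice:", try_delete(reg, bob, "snap-alice"))
    print("alice deletes snap-alice:", try_delete(reg, alice, "snap-alice"))
```

The check is deliberately split into "can see" and "can delete": the first bug (own snapshots invisible) is a listing problem, the second (deleting other people's images) is a mutation problem, and conflating them is what lets a public image, which everyone can see, be deleted by anyone.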

Reviewed: https://review.openstack.org/1132
Committed: http://github.com/openstack/nova/commit/c11659215a1cd3e551ce56f089b2682842954b04
Submitter: Jenkins
Branch: stable/diablo

 status fixcommitted
 done

commit c11659215a1cd3e551ce56f089b2682842954b04
Author: Loganathan Parthipan <email address hidden>
Date: Thu Sep 29 16:41:49 2011 +0100

    Improve access check on images

    Makes sure that users can delete only their own images, snapshots.
    Enable listing of all images, both private which are owned and the public
    ones. Only list the private images/snapshots for the owner and admin users.
    Fixes bug 863305

    (cherry picked from commit cb37d895a6b97e294aa838f85227d29892f4e11e)

    Change-Id: Idc15125371950e0c07b1dac48e8b844887fefc9d

Thierry Carrez (ttx) on 2011-11-25
Changed in nova:
milestone: none → essex-1
status: Confirmed → Fix Released

Hello Stanislaw, or anyone else affected,

Accepted nova into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Mark McLoughlin (markmc) on 2012-04-03
Changed in nova:
assignee: nobody → Stanislaw Pitucha (stanislaw-pitucha)
Thierry Carrez (ttx) on 2012-04-05
Changed in nova:
milestone: essex-1 → 2012.1
This report contains Public Security information. Everyone can see this security related information.
