Security groups are not sanity checked for incorrect data
Bug #869979 reported by Stanislaw Pitucha
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | High | Stanislaw Pitucha |
Diablo | Fix Released | Undecided | Unassigned |
Bug Description
When a user tries to add a new security group rule, it has a possibility of introducing incorrect entries to iptables.
For example, port numbers outside of the allowed range will cause iptables to reject the whole batch of new rules. This stops not only a new instance with that security rule attached, but also every other instance that would be created on that host, since all rules are loaded at the same time.
Changed in nova: | |
assignee: | nobody → Stanislaw Pitucha (stanislaw-pitucha) |
status: | New → In Progress |
Changed in nova: | |
importance: | Undecided → High |
security vulnerability: | no → yes |
tags: | added: ec2 |
Changed in nova: | |
milestone: | none → essex-1 |
status: | Fix Committed → Fix Released |
tags: | added: diablo-backport |
Changed in nova: | |
milestone: | essex-1 → 2012.1 |
Fix proposed in https://review.openstack.org/815
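The following is an added example, not nova's code and not the fix from the review above: a sketch of validating each security group rule when it is submitted, so that one malformed rule is rejected on its own instead of failing the whole iptables batch on a host. The function names, the tuple layout and the numeric limits are assumptions made for this illustration.

```python
import ipaddress

# Limits assumed for this example; they are not taken from the nova fix.
PORT_MIN, PORT_MAX = 1, 65535
ICMP_MIN, ICMP_MAX = -1, 255  # -1 stands for "any" ICMP type/code here
PROTOCOLS = {"tcp", "udp", "icmp"}

# Constructed sample requests: (protocol, from_port, to_port, cidr)
SAMPLE = [
    ("tcp", 22, 22, "10.0.0.0/8"),
    ("tcp", 80, 70000, "0.0.0.0/0"),      # port above the allowed range
    ("icmp", -1, -1, "192.168.1.0/24"),
    ("udp", 53, 53, "10.0.0.0/33"),       # prefix length is not valid
]


def validate_rule(protocol, from_port, to_port, cidr):
    """Return a list of problems; an empty list means the rule can be stored."""
    errors = []
    proto = str(protocol).lower()
    if proto not in PROTOCOLS:
        errors.append("unknown protocol %r" % (protocol,))
    try:
        lo, hi = int(from_port), int(to_port)
    except (TypeError, ValueError):
        errors.append("ports must be integers")
    else:
        low, high = (ICMP_MIN, ICMP_MAX) if proto == "icmp" else (PORT_MIN, PORT_MAX)
        if not (low <= lo <= high and low <= hi <= high):
            errors.append("port or ICMP value outside %d..%d" % (low, high))
        elif proto != "icmp" and lo > hi:
            errors.append("from_port is greater than to_port")
    try:
        ipaddress.ip_network(cidr, strict=False)
    except (TypeError, ValueError):
        errors.append("invalid CIDR %r" % (cidr,))
    return errors


def accept_rules(requests):
    """Split requests into accepted rules and (rule, problems) rejections."""
    accepted, rejected = [], []
    for rule in requests:
        problems = validate_rule(*rule)
        if problems:
            rejected.append((rule, problems))
        else:
            accepted.append(rule)
    return accepted, rejected
```

Only the accepted list would be passed on to whatever renders the host's iptables rules, so the two bad requests in the sample never reach the batch load.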