disallow boot from volume from specifying arbitrary volumes
Fix a vulnerability in volume attachment in nova-volume, affecting the
boot-from-volume feature. By passing a specific volume ID, an
authenticated user may be able to boot from a volume they don't own,
potentially resulting in full access to that 3rd-party volume.
Folsom setups making use of Cinder are not affected.
Reviewed: https:/ /review. openstack. org/20699 github. com/openstack/ nova/commit/ 317cc0af385536d ee43ef2addad50a 91357fc1ad
Committed: http://
Submitter: Jenkins
Branch: stable/folsom
commit 317cc0af385536d ee43ef2addad50a 91357fc1ad
Author: Vishvananda Ishaya <email address hidden>
Date: Thu Jan 24 10:07:33 2013 +0000
disallow boot from volume from specifying arbitrary volumes
Fix a vulnerability in volume attachment in nova-volume, affecting the from-volume feature. By passing a specific volume ID, an
boot-
authenticated user may be able to boot from a volume they don't own,
potentially resulting in full access to that 3rd-party volume.
Folsom setups making use of Cinder are not affected.
Fixes bug: 1069904, CVE-2013-0208 3ce1ce64bf0a841 8bd2b5a6411
Change-Id: I5f7c8d20d3ebf3