Container delete + re-creation can retain old ACL permissions

Bug #836605 reported by Coleman Corrigan
266
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Critical
John Dickinson

Bug Description

I've reproduced an eventual consistency issue with container on swift 1.4.3, that may present a swcurity concern,
I think reidrac (see #openstack-dev @ ~ 2011-08-26T11) has used a newer version to also repro it.

If a container with ACLS is deleted and promptly recreated, it retains its ACL settings.

orrigac@corrigac-z400:~/swiftcmds$ swift list
 backup
 id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
   Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
 Container: id
   Objects: 1
     Bytes: 91
  Read ACL:
 Write ACL:
   Sync To:
  Sync Key:
 Accept-Ranges: bytes
 X-Trans-Id: tx021ecbb6ad10465ca6104f77546eb27a
corrigac@corrigac-z400:~/swiftcmds$ swift post -r* id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
   Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
 Container: id
   Objects: 1
     Bytes: 91
  Read ACL: *
 Write ACL:
   Sync To:
  Sync Key:
 Accept-Ranges: bytes
 X-Trans-Id: tx2603dee3abb944fd8b5b946e81f26958
corrigac@corrigac-z400:~/swiftcmds$ swift delete id
 tmp/myid
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
 Container 'id' not found
corrigac@corrigac-z400:~/swiftcmds$ swift upload id myid
 myid
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
   Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
 Container: id
   Objects: 1
     Bytes: 172
  Read ACL: *
 Write ACL:
   Sync To:
  Sync Key:
 Accept-Ranges: bytes
 X-Trans-Id: tx4abdf56ec54e4fad9cdc8b6efd9b0f75
corrigac@corrigac-z400:~/swiftcmds$ swift post "-r " id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
   Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
 Container: id
   Objects: 0
     Bytes: 0
  Read ACL:
 Write ACL:
   Sync To:
  Sync Key:
 Accept-Ranges: bytes
 X-Trans-Id: tx4addacc688f24f44b6292c81393b34d3
corrigac@corrigac-z400:~/swiftcmds$ swift delete id
corrigac@corrigac-z400:~/swiftcmds$ swift post id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
   Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
 Container: id
   Objects: 0
     Bytes: 0
  Read ACL:
 Write ACL:
   Sync To:
  Sync Key:
 Accept-Ranges: bytes
 X-Trans-Id: tx6bcf137363004eccabfe2cd23c636f1c

Tags: acl Edit Tag help

Related branches

Changed in swift:
assignee: nobody → John Dickinson (notmyname)
status: New → Confirmed
importance: Undecided → High
importance: High → Critical
milestone: none → 1.4.3
Revision history for this message
John Dickinson (notmyname) wrote :

This is actually a bug, not a consistency issue. The bug is that the metadata isn't explicitly cleared when the container is marked deleted. So if a PUT comes in before the reclaimer deletes the db, all of the container metadata gets resurrected.

Changed in swift:
status: Confirmed → Fix Committed
Changed in swift:
status: Fix Committed → Fix Released
Jeremy Stanley (fungi)
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers