Re: [openstack-dev] [OSSN-0084] Data retained after deletion of a ScaleIO volume

2018-07-12 Thread Jay S Bryant



On 7/11/2018 1:20 AM, Luke Hinds wrote:



On Tue, Jul 10, 2018 at 9:08 PM, Jim Rollenhagen <j...@jimrollenhagen.com> wrote:


On Tue, Jul 10, 2018 at 3:28 PM, Martin Chlumsky <martin.chlum...@gmail.com> wrote:

It is the workaround that is right and the discussion part
that is wrong.

I am familiar with this bug. Using thin volumes
_and/or_ enabling zero padding DOES ensure data contained
in a volume is actually deleted.


Great, that's super helpful. Thanks!

Is there someone (Luke?) on the list that can send a correction
for this OSSN to all the lists it needs to go to?

// jim


It can, but I would want to be sure we get an agreed consensus. The 
note has already gone through a review cycle where a cinder core 
approved the contents:


https://review.openstack.org/#/c/579094/

If someone wants to put forward a patch with the needed amendments, I
can send out a correction to the lists.



All,

I have forwarded this note on to Helen Walsh at Dell EMC (Walsh, Helen 
) as they do not monitor the mailing list as 
closely.  Hopefully we can get her engaged to ensure we get the right 
update out there.


Thanks!



On Tue, Jul 10, 2018 at 10:41 AM Jim Rollenhagen <j...@jimrollenhagen.com> wrote:

On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds <lhi...@redhat.com> wrote:

Data retained after deletion of a ScaleIO volume
---

### Summary ###
Certain storage volume configurations allow newly created volumes to
contain previous data. This could lead to leakage of sensitive
information between tenants.

### Affected Services / Software ###
Cinder releases up to and including Queens with ScaleIO volumes
using thin volumes and zero padding.


According to discussion in the bug, this bug occurs with
ScaleIO volumes using thick volumes and with zero padding
disabled.

If the bug is with thin volumes and zero padding, then the
workaround seems quite wrong. :)

I'm not super familiar with Cinder, so could some Cinder
folks check this out and re-issue a more accurate OSSN,
please?

// jim


### Discussion ###
Using both thin volumes and zero padding does not ensure data contained
in a volume is actually deleted. The default volume provisioning rule is
set to thick so most installations are likely not affected. Operators
can check their configuration in `cinder.conf` or check for zero padding
with this command `scli --query_all`.

### Recommended Actions ###

Operators can use the following two workarounds, until the release of
Rocky (planned 30th August 2018) which resolves the issue.

1. Swap to thin volumes

2. Ensure ScaleIO storage pools use zero-padding with:

`scli --modify_zero_padding_policy
    (((--protection_domain_id  |
    --protection_domain_name )
    --storage_pool_name ) | --storage_pool_id )
    (--enable_zero_padding | --disable_zero_padding)`

### Contacts / References ###
Author: Nick Tait
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0084
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1699573
Mailing List : [Security] tag on openstack-dev@lists.openstack.org
OpenStack Security Project : https://launchpad.net/~openstack-ossg




__
OpenStack Development Mailing List (not for usage
questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe



http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





Re: [openstack-dev] [OSSN-0084] Data retained after deletion of a ScaleIO volume

2018-07-11 Thread Luke Hinds
On Tue, Jul 10, 2018 at 9:08 PM, Jim Rollenhagen 
wrote:

> On Tue, Jul 10, 2018 at 3:28 PM, Martin Chlumsky <
> martin.chlum...@gmail.com> wrote:
>
>> It is the workaround that is right and the discussion part that is wrong.
>>
>> I am familiar with this bug. Using thin volumes *and/or* enabling zero
>> padding DOES ensure data contained
>> in a volume is actually deleted.
>>
>
> Great, that's super helpful. Thanks!
>
> Is there someone (Luke?) on the list that can send a correction for this
> OSSN to all the lists it needs to go to?
>
> // jim
>

It can, but I would want to be sure we get an agreed consensus. The note
has already gone through a review cycle where a cinder core approved the
contents:

https://review.openstack.org/#/c/579094/

If someone wants to put forward a patch with the needed amendments, I can
send out a correction to the lists.


>
>
>>
>> On Tue, Jul 10, 2018 at 10:41 AM Jim Rollenhagen 
>> wrote:
>>
>>> On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds  wrote:
>>>
>>>> Data retained after deletion of a ScaleIO volume
>>>> ---
>>>>
>>>> ### Summary ###
>>>> Certain storage volume configurations allow newly created volumes to
>>>> contain previous data. This could lead to leakage of sensitive
>>>> information between tenants.
>>>>
>>>> ### Affected Services / Software ###
>>>> Cinder releases up to and including Queens with ScaleIO volumes
>>>> using thin volumes and zero padding.

>>>
>>> According to discussion in the bug, this bug occurs with ScaleIO volumes
>>> using thick volumes and with zero padding disabled.
>>>
>>> If the bug is with thin volumes and zero padding, then the workaround
>>> seems quite wrong. :)
>>>
>>> I'm not super familiar with Cinder, so could some Cinder folks check
>>> this out and re-issue a more accurate OSSN, please?
>>>
>>> // jim
>>>
>>>

>>>> ### Discussion ###
>>>> Using both thin volumes and zero padding does not ensure data contained
>>>> in a volume is actually deleted. The default volume provisioning rule is
>>>> set to thick so most installations are likely not affected. Operators
>>>> can check their configuration in `cinder.conf` or check for zero padding
>>>> with this command `scli --query_all`.
>>>>
>>>> ### Recommended Actions ###
>>>>
>>>> Operators can use the following two workarounds, until the release of
>>>> Rocky (planned 30th August 2018) which resolves the issue.
>>>>
>>>> 1. Swap to thin volumes
>>>>
>>>> 2. Ensure ScaleIO storage pools use zero-padding with:
>>>>
>>>> `scli --modify_zero_padding_policy
>>>> (((--protection_domain_id  |
>>>> --protection_domain_name )
>>>> --storage_pool_name ) | --storage_pool_id )
>>>> (--enable_zero_padding | --disable_zero_padding)`
>>>>
>>>> ### Contacts / References ###
>>>> Author: Nick Tait
>>>> This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0084
>>>> Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1699573
>>>> Mailing List : [Security] tag on openstack-dev@lists.openstack.org
>>>> OpenStack Security Project : https://launchpad.net/~openstack-ossg


 

 
>>>
>>
>> 
>>
>>
>
>
>


-- 
Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483


Re: [openstack-dev] [OSSN-0084] Data retained after deletion of a ScaleIO volume

2018-07-10 Thread Jim Rollenhagen
On Tue, Jul 10, 2018 at 3:28 PM, Martin Chlumsky 
wrote:

> It is the workaround that is right and the discussion part that is wrong.
>
> I am familiar with this bug. Using thin volumes *and/or* enabling zero
> padding DOES ensure data contained
> in a volume is actually deleted.
>

Great, that's super helpful. Thanks!

Is there someone (Luke?) on the list that can send a correction for this
OSSN to all the lists it needs to go to?

// jim


>
> On Tue, Jul 10, 2018 at 10:41 AM Jim Rollenhagen 
> wrote:
>
>> On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds  wrote:
>>
>>> Data retained after deletion of a ScaleIO volume
>>> ---
>>>
>>> ### Summary ###
>>> Certain storage volume configurations allow newly created volumes to
>>> contain previous data. This could lead to leakage of sensitive
>>> information between tenants.
>>>
>>> ### Affected Services / Software ###
>>> Cinder releases up to and including Queens with ScaleIO volumes
>>> using thin volumes and zero padding.
>>>
>>
>> According to discussion in the bug, this bug occurs with ScaleIO volumes
>> using thick volumes and with zero padding disabled.
>>
>> If the bug is with thin volumes and zero padding, then the workaround
>> seems quite wrong. :)
>>
>> I'm not super familiar with Cinder, so could some Cinder folks check this
>> out and re-issue a more accurate OSSN, please?
>>
>> // jim
>>
>>
>>>
>>> ### Discussion ###
>>> Using both thin volumes and zero padding does not ensure data contained
>>> in a volume is actually deleted. The default volume provisioning rule is
>>> set to thick so most installations are likely not affected. Operators
>>> can check their configuration in `cinder.conf` or check for zero padding
>>> with this command `scli --query_all`.
>>>
>>> ### Recommended Actions ###
>>>
>>> Operators can use the following two workarounds, until the release of
>>> Rocky (planned 30th August 2018) which resolves the issue.
>>>
>>> 1. Swap to thin volumes
>>>
>>> 2. Ensure ScaleIO storage pools use zero-padding with:
>>>
>>> `scli --modify_zero_padding_policy
>>> (((--protection_domain_id  |
>>> --protection_domain_name )
>>> --storage_pool_name ) | --storage_pool_id )
>>> (--enable_zero_padding | --disable_zero_padding)`
>>>
>>> ### Contacts / References ###
>>> Author: Nick Tait
>>> This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0084
>>> Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1699573
>>> Mailing List : [Security] tag on openstack-dev@lists.openstack.org
>>> OpenStack Security Project : https://launchpad.net/~openstack-ossg
>>>
>>>
>>> 
>>>
>>> 
>>
>
>
>


Re: [openstack-dev] [OSSN-0084] Data retained after deletion of a ScaleIO volume

2018-07-10 Thread Martin Chlumsky
It is the workaround that is right and the discussion part that is wrong.

I am familiar with this bug. Using thin volumes *and/or* enabling zero
padding DOES ensure data contained
in a volume is actually deleted.

On Tue, Jul 10, 2018 at 10:41 AM Jim Rollenhagen 
wrote:

> On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds  wrote:
>
>> Data retained after deletion of a ScaleIO volume
>> ---
>>
>> ### Summary ###
>> Certain storage volume configurations allow newly created volumes to
>> contain previous data. This could lead to leakage of sensitive
>> information between tenants.
>>
>> ### Affected Services / Software ###
>> Cinder releases up to and including Queens with ScaleIO volumes
>> using thin volumes and zero padding.
>>
>
> According to discussion in the bug, this bug occurs with ScaleIO volumes
> using thick volumes and with zero padding disabled.
>
> If the bug is with thin volumes and zero padding, then the workaround
> seems quite wrong. :)
>
> I'm not super familiar with Cinder, so could some Cinder folks check this
> out and re-issue a more accurate OSSN, please?
>
> // jim
>
>
>>
>> ### Discussion ###
>> Using both thin volumes and zero padding does not ensure data contained
>> in a volume is actually deleted. The default volume provisioning rule is
>> set to thick so most installations are likely not affected. Operators
>> can check their configuration in `cinder.conf` or check for zero padding
>> with this command `scli --query_all`.
>>
>> ### Recommended Actions ###
>>
>> Operators can use the following two workarounds, until the release of
>> Rocky (planned 30th August 2018) which resolves the issue.
>>
>> 1. Swap to thin volumes
>>
>> 2. Ensure ScaleIO storage pools use zero-padding with:
>>
>> `scli --modify_zero_padding_policy
>> (((--protection_domain_id  |
>> --protection_domain_name )
>> --storage_pool_name ) | --storage_pool_id )
>> (--enable_zero_padding | --disable_zero_padding)`
>>
>> ### Contacts / References ###
>> Author: Nick Tait
>> This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0084
>> Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1699573
>> Mailing List : [Security] tag on openstack-dev@lists.openstack.org
>> OpenStack Security Project : https://launchpad.net/~openstack-ossg
>>
>>
>>
>


Re: [openstack-dev] [OSSN-0084] Data retained after deletion of a ScaleIO volume

2018-07-10 Thread Jim Rollenhagen
On Tue, Jul 10, 2018 at 4:20 AM, Luke Hinds  wrote:

> Data retained after deletion of a ScaleIO volume
> ---
>
> ### Summary ###
> Certain storage volume configurations allow newly created volumes to
> contain previous data. This could lead to leakage of sensitive
> information between tenants.
>
> ### Affected Services / Software ###
> Cinder releases up to and including Queens with ScaleIO volumes
> using thin volumes and zero padding.
>

According to discussion in the bug, this bug occurs with ScaleIO volumes
using thick volumes and with zero padding disabled.

If the bug is with thin volumes and zero padding, then the workaround seems
quite wrong. :)

I'm not super familiar with Cinder, so could some Cinder folks check this
out and re-issue a more accurate OSSN, please?

// jim


>
> ### Discussion ###
> Using both thin volumes and zero padding does not ensure data contained
> in a volume is actually deleted. The default volume provisioning rule is
> set to thick so most installations are likely not affected. Operators
> can check their configuration in `cinder.conf` or check for zero padding
> with this command `scli --query_all`.
>
> ### Recommended Actions ###
>
> Operators can use the following two workarounds, until the release of
> Rocky (planned 30th August 2018) which resolves the issue.
>
> 1. Swap to thin volumes
>
> 2. Ensure ScaleIO storage pools use zero-padding with:
>
> `scli --modify_zero_padding_policy
> (((--protection_domain_id  |
> --protection_domain_name )
> --storage_pool_name ) | --storage_pool_id )
> (--enable_zero_padding | --disable_zero_padding)`
>
> ### Contacts / References ###
> Author: Nick Tait
> This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0084
> Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1699573
> Mailing List : [Security] tag on openstack-dev@lists.openstack.org
> OpenStack Security Project : https://launchpad.net/~openstack-ossg
>
>
>
>