Reviewed:  https://review.openstack.org/275737
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=6179e1e98808548f1c12a2b66784cac3c1e5ac0f
Submitter: Jenkins
Branch:    master

commit 6179e1e98808548f1c12a2b66784cac3c1e5ac0f
Author: Erno Kuvaja <[email protected]>
Date:   Tue Jan 19 13:37:05 2016 +0000

    Prevent user from removing the last location of the image

    If the last location of the image is removed, the image transitions
    back to queued. This allows the user to upload new data into the
    existing image record. By preventing removal of the last location we
    prevent the image transition back to queued.

    This change also prevents doing the same operation via replacing the
    locations with an empty list.

    SecurityImpact
    DocImpact
    APIImpact

    Change-Id: Ieb03aaba887492819f9c58aa67f7acfcea81720e
    Closes-Bug: #1525915

** Changed in: glance
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1525915

Title:
  [OSSA 2016-006] Normal user can change image status if
  show_multiple_locations has been set to true (CVE-2016-0757)

Status in Glance:
  Fix Released
Status in Glance kilo series:
  New
Status in Glance liberty series:
  Fix Committed
Status in OpenStack Security Advisory:
  Fix Committed

Bug description:
  This issue is being treated as a potential security risk under
  embargo. Please do not make any public mention of embargoed (private)
  security vulnerabilities before their coordinated publication by the
  OpenStack Vulnerability Management Team in the form of an official
  OpenStack Security Advisory. This includes discussion of the bug or
  associated fixes in public forums such as mailing lists, code review
  systems and bug trackers. Please also avoid private disclosure to
  other individuals not already approved for access to this information,
  and provide this same reminder to those who are made aware of the
  issue prior to publication. All discussion should remain confined to
  this private bug report, and any proposed fixes should be added to the
  bug as attachments.

  --

  A user (non-admin) can set an image back to the queued state by
  deleting location(s) from the image when the "show_multiple_locations"
  config parameter has been set to true. This breaks the immutability
  promise Glance has, in a similar way as described in OSSA 2015-019, as
  the image gets transitioned from active to queued and new image data
  can be uploaded.

  ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+----------------------------------------------------------------------------------+
  | Property         | Value                                                                            |
  +------------------+----------------------------------------------------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4                                                 |
  | container_format | ami                                                                              |
  | created_at       | 2015-12-14T09:58:54Z                                                             |
  | disk_format      | ami                                                                              |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc                                             |
  | locations        | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-         |
  |                  | 640dbe37b3bc", "metadata": {}}]                                                  |
  | min_disk         | 0                                                                                |
  | min_ram          | 0                                                                                |
  | name             | cirros-test                                                                      |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd                                                 |
  | protected        | False                                                                            |
  | size             | 25165824                                                                         |
  | status           | active                                                                           |
  | tags             | []                                                                               |
  | updated_at       | 2015-12-14T09:58:54Z                                                             |
  | virtual_size     | None                                                                             |
  | visibility       | private                                                                          |
  +------------------+----------------------------------------------------------------------------------+
  ubuntu@devstack-02:~/devstack$ glance location-delete --url file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+--------------------------------------+
  | Property         | Value                                |
  +------------------+--------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4     |
  | container_format | ami                                  |
  | created_at       | 2015-12-14T09:58:54Z                 |
  | disk_format      | ami                                  |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
  | locations        | []                                   |
  | min_disk         | 0                                    |
  | min_ram          | 0                                    |
  | name             | cirros-test                          |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd     |
  | protected        | False                                |
  | size             | None                                 |
  | status           | queued                               |
  | tags             | []                                   |
  | updated_at       | 2015-12-14T13:43:23Z                 |
  | virtual_size     | None                                 |
  | visibility       | private                              |
  +------------------+--------------------------------------+
  ubuntu@devstack-02:~/devstack$ glance image-upload --file files/images/cirros-0.3.4-x86_64-uec/cirros-0.3.4-x86_64-blank.img f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+----------------------------------------------------------------------------------+
  | Property         | Value                                                                            |
  +------------------+----------------------------------------------------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4                                                 |
  | container_format | ami                                                                              |
  | created_at       | 2015-12-14T09:58:54Z                                                             |
  | disk_format      | ami                                                                              |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc                                             |
  | locations        | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-         |
  |                  | 640dbe37b3bc", "metadata": {}}]                                                  |
  | min_disk         | 0                                                                                |
  | min_ram          | 0                                                                                |
  | name             | cirros-test                                                                      |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd                                                 |
  | protected        | False                                                                            |
  | size             | 25165824                                                                         |
  | status           | active                                                                           |
  | tags             | []                                                                               |
  | updated_at       | 2015-12-14T13:43:41Z                                                             |
  | virtual_size     | None                                                                             |
  | visibility       | private                                                                          |
  +------------------+----------------------------------------------------------------------------------+
  ubuntu@devstack-02:~/devstack$

  This works also on public images.

  ubuntu@devstack-02:~/devstack$ . ./openrc admin admin
  ubuntu@devstack-02:~/devstack$ glance image-update --visibility=public f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+----------------------------------------------------------------------------------+
  | Property         | Value                                                                            |
  +------------------+----------------------------------------------------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4                                                 |
  | container_format | ami                                                                              |
  | created_at       | 2015-12-14T09:58:54Z                                                             |
  | disk_format      | ami                                                                              |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc                                             |
  | locations        | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-         |
  |                  | 640dbe37b3bc", "metadata": {}}]                                                  |
  | min_disk         | 0                                                                                |
  | min_ram          | 0                                                                                |
  | name             | cirros-test                                                                      |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd                                                 |
  | protected        | False                                                                            |
  | size             | 25165824                                                                         |
  | status           | active                                                                           |
  | tags             | []                                                                               |
  | updated_at       | 2015-12-14T13:45:11Z                                                             |
  | virtual_size     | None                                                                             |
  | visibility       | public                                                                           |
  +------------------+----------------------------------------------------------------------------------+
  ubuntu@devstack-02:~/devstack$ . ./openrc
  ubuntu@devstack-02:~/devstack$ glance location-delete --url file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+--------------------------------------+
  | Property         | Value                                |
  +------------------+--------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4     |
  | container_format | ami                                  |
  | created_at       | 2015-12-14T09:58:54Z                 |
  | disk_format      | ami                                  |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
  | locations        | []                                   |
  | min_disk         | 0                                    |
  | min_ram          | 0                                    |
  | name             | cirros-test                          |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd     |
  | protected        | False                                |
  | size             | None                                 |
  | status           | queued                               |
  | tags             | []                                   |
  | updated_at       | 2015-12-14T13:45:28Z                 |
  | virtual_size     | None                                 |
  | visibility       | public                               |
  +------------------+--------------------------------------+
  ubuntu@devstack-02:~/devstack$ glance image-upload --file files/images/cirros-0.3.4-x86_64-uec/cirros-0.3.4-x86_64-blank.img f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
  +------------------+----------------------------------------------------------------------------------+
  | Property         | Value                                                                            |
  +------------------+----------------------------------------------------------------------------------+
  | checksum         | eb9139e4942121f22bbc2afc0400b2a4                                                 |
  | container_format | ami                                                                              |
  | created_at       | 2015-12-14T09:58:54Z                                                             |
  | disk_format      | ami                                                                              |
  | id               | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc                                             |
  | locations        | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-         |
  |                  | 640dbe37b3bc", "metadata": {}}]                                                  |
  | min_disk         | 0                                                                                |
  | min_ram          | 0                                                                                |
  | name             | cirros-test                                                                      |
  | owner            | ab69274aa31a4fba8bf559af2b0b98bd                                                 |
  | protected        | False                                                                            |
  | size             | 25165824                                                                         |
  | status           | active                                                                           |
  | tags             | []                                                                               |
  | updated_at       | 2015-12-14T13:45:43Z                                                             |
  | virtual_size     | None                                                                             |
  | visibility       | public                                                                           |
  +------------------+----------------------------------------------------------------------------------+
  ubuntu@devstack-02:~/devstack$

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1525915/+subscriptions

Mailing list: https://launchpad.net/~yahoo-eng-team
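The guard the commit message describes, shown as an added example that is not Glance's own code: a small Python model of the v2 image record and of the two location operations the report and the fix talk about (removing one location, and replacing the whole list with an empty one). The unpatched path reproduces the transition the terminal session shows (active with one location, remove it, back to queued); the patched path refuses any operation that would leave an active image with no locations. The names `Image`, `Forbidden`, `apply_location_patch` and `demo`, and the sample image id and file path, are assumptions for this example only.

```python
# Added example (not Glance's own code): a model of the image-location
# transition behind OSSA 2016-006, before and after the "last location" guard.
import copy

QUEUED = "queued"
ACTIVE = "active"


class Forbidden(Exception):
    """Stands in for the HTTP 403 an API returns when a patch is rejected (assumed name)."""


class Image:
    """Minimal stand-in for a Glance v2 image record (assumed class, not Glance's)."""

    def __init__(self, image_id, status, locations, size=None):
        self.image_id = image_id
        self.status = status
        self.locations = list(locations)
        self.size = size

    def set_locations(self, new_locations):
        # Pre-fix semantics as the bug report shows them: an active image whose
        # location list becomes empty drops back to "queued" with size None,
        # which reopens the record for a fresh image-upload.
        self.locations = list(new_locations)
        if not self.locations and self.status == ACTIVE:
            self.status = QUEUED
            self.size = None


def apply_location_patch(image, op, guard_last_location=True, index=None, value=None):
    """Apply one location operation to a copy of `image` and return the copy.

    op == "remove":  drop image.locations[index]
    op == "replace": set image.locations to `value` (a list)
    With guard_last_location=True (the fixed behaviour) an operation that would
    leave an active image without any location raises Forbidden instead.
    """
    img = copy.deepcopy(image)
    if op == "remove":
        if index is None or not 0 <= index < len(img.locations):
            raise ValueError("no location at index %r" % (index,))
        new_locations = img.locations[:index] + img.locations[index + 1:]
    elif op == "replace":
        if not isinstance(value, list):
            raise ValueError("replace requires a list of locations")
        new_locations = list(value)
    else:
        raise ValueError("unsupported op %r" % (op,))

    if guard_last_location and img.status == ACTIVE and not new_locations:
        # The fix: an active image may never lose its last location, whether by
        # removing it one by one or by replacing the whole list with [].
        raise Forbidden("Cannot remove the last location of an active image")

    img.set_locations(new_locations)
    return img


def demo():
    """Run the report's sequence with and without the guard; return the outcomes."""
    # Constructed sample image; id and path are placeholders, not the report's.
    sample = Image(
        image_id="00000000-0000-0000-0000-000000000000",
        status=ACTIVE,
        locations=[{"url": "file:///var/lib/glance/images/example", "metadata": {}}],
        size=25165824,
    )
    results = {}
    # Unpatched: removing the only location reopens the record.
    unpatched = apply_location_patch(sample, "remove", guard_last_location=False, index=0)
    results["unpatched_remove"] = unpatched.status
    # Patched: both ways of emptying the list are refused.
    try:
        apply_location_patch(sample, "remove", index=0)
        results["patched_remove"] = "allowed"
    except Forbidden:
        results["patched_remove"] = "forbidden"
    try:
        apply_location_patch(sample, "replace", value=[])
        results["patched_replace_empty"] = "allowed"
    except Forbidden:
        results["patched_replace_empty"] = "forbidden"
    # Swapping one location for another keeps the image active and is allowed.
    swapped = apply_location_patch(
        sample, "replace",
        value=[{"url": "file:///var/lib/glance/images/example-copy", "metadata": {}}],
    )
    results["patched_replace_nonempty"] = swapped.status
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(key, outcome)
```

The guard is placed on the computed result (the location list the image would end up with) rather than on the operation type, which is why one check covers both the per-location remove and the replace-with-empty-list variant the commit message mentions.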

