[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1501808] Re: Enabling soft-deletes opens a DOS on compute hosts

Found open reviews for this bug in gerrit, setting to In Progress.

review: https://review.openstack.org/386756 in branch: master
review: https://review.openstack.org/407877 in branch: master

** Changed in: nova
       Status: Won't Fix => In Progress

** Changed in: nova
     Assignee: Matt Riedemann (mriedem) => Chris Martin (cm876n)

You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.

  Enabling soft-deletes opens a DOS on compute hosts

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  If the user sets reclaim_instance_interval to anything other than 0,
  then when a user requests an instance delete, it will instead be soft
  deleted. Soft delete explicitly releases the user's quota, but does
  not release the instance's resources until period task
  _reclaim_queued_deletes runs with a period of
  reclaim_instance_interval seconds.

  A malicious authenticated user can repeatedly create and delete
  instances without limit, which will consume resources on the host
  without consuming their quota. If done quickly enough, this will
  exhaust host resources.

  I'm not entirely sure what to suggest in remediation, as this seems to
  be a deliberate design. The most obvious fix would be to not release
  quota until the instance is reaped, but that would be a significant
  change in behaviour.

  This is very similar to https://bugs.launchpad.net/bugs/cve/2015-3280
  , except that we do it deliberately.

To manage notifications about this bug go to: