osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1739646] Re: Instance type with disk set to 0 can cause DoS


Sounds like we've got consensus on class B1, so I'll mark the OSSA task
won't fix, add a new OSSN task, switch the bug type to just public
rather than public security and add the security bugtag instead.

** Information type changed from Public Security to Public

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Also affects: ossn
   Importance: Undecided
       Status: New

** Tags added: security

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1739646

Title:
  Instance type with disk set to 0 can cause DoS

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Compute (nova) ocata series:
  In Progress
Status in OpenStack Compute (nova) pike series:
  In Progress
Status in OpenStack Compute (nova) queens series:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack Security Notes:
  New

Bug description:
  In OpenStack at the moment, there is the ability to create instance
  types with disk size 0.  The API documentation states the following:

  "The size of the root disk that will be created in GiB. If 0 the root
  disk will be set to exactly the size of the image used to deploy the
  instance. However, in this case filter scheduler cannot select the
  compute host based on the virtual image size. Therefore, 0 should only
  be used for volume booted instances or for testing purposes."

  In a cloud environment where a deployer wants to offer boot-from-
  volume instances, those instance types will be there.  However, this
  means that a user can upload an image of 4TB and boot small instances
  where each one will have 4TB of storage, potentially exhausting the
  disks local storage (or Ceph cluster if using Ceph for ephemeral
  storage).

  I'm not sure if this is a security issue or it should be published as
  an advisory, but I believe there should be an option to disable the
  feature of booting an instance with the exact size of the image used
  so deployers have the ability/choice to provide boot-from-volume
  instance types.

  I can confirm this in our environment that if a customer creates an
  instance with 200GB of ephemeral disk space, they can take an image of
  it, then create an instance with that image on an instance type that
  has no ephemeral disk space and get 200GB of disk.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1739646/+subscriptions