[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1733289] Fix included in openstack/glance

This issue was fixed in the openstack/glance release

You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.

  Image data stays in store (filesystem store) if image is deleted after
  staging call

Status in Glance:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Trying to delete image after staging call image gets deleted from the
  database, but image data remains in the backend ('/tmp/staging'

  NOTE: This issue will occur only if image-import is enabled in the
  deployment i.e. 'enable_image_import' is set to True in glance-

  Steps to reproduce:
  1. Create image
     $ glance image-create --container-format ami --disk-format ami --name test_image
  2. Add image to staging area using stage call
     $ glance image-stage <IMAGE_ID>
  3. Verify that image is uploaded to staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>
  4. Delete the image
     $ glance image-delete <IMAGE_ID>
  5. Verify image-list does not show deleted image
     $ glance image-list
  6. Verify that image is still present in staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>

  Image gets deleted from the database but image data presents in the
  staging area i.e. in '/tmp/staging' directory.

  Actually after deleting the image after staging call it should be
  cleared from staging area as well.

  Attack scenario here is to create/stage/delete a lot of large size
  images using DoS the temporary image backend by filling it up.

To manage notifications about this bug go to: