[Openstack-security] [openstack/nova] SecurityImpact review request change Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Mar 8 15:06:02 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/289960
Log:
commit f302bf04ab5dda89cf8ceaeed309006da90c0666
Author: Lee Yarwood <lyarwood at redhat.com>
Date: Wed Feb 24 11:23:22 2016 +0000
libvirt: Always copy or recreate disk.info during a migration
The disk.info file contains the path and format of any image, config or
ephermal disk associated with an instance. When using RAW images and migrating
an instance this file should always be copied or recreated. This avoids the Raw
imagebackend reinspecting the format of these disks when spawning the instance
on the destination host.
By not copying or recreating this disk.info file, a malicious image written to
an instance disk on the source host will cause Nova to reinspect and record a
different format for the disk on the destination. This format then being used
incorrectly when finally spawning the instance on the destination.
Conflicts:
nova/tests/unit/virt/libvirt/test_driver.py
nova/virt/libvirt/driver.py
SecurityImpact
Closes-bug: #1548450
Change-Id: Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87
More information about the Openstack-security
mailing list