[Openstack-security] [openstack/glance] SecurityImpact review request change Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Mon Sep 26 18:28:56 UTC 2016


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/375526

Log:
commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
Author: Hemanth Makkapati <hemanth.makkapati at rackspace.com>
Date:   Fri Sep 23 09:29:12 2016 -0500

    Adding constraints around qemu-img calls
    
    * All "qemu-img info" calls are now run under resource limitations
      that limit CPU time to 2 seconds and address space usage to 1 GB.
      This helps avoid any DoS attacks via malicious images.
    * All "qemu-img convert" calls now specify the import format so that
      it does not have to be inferred by qemu-img.
    
    SecurityImpact
    
    Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
    Closes-Bug: #1449062





More information about the Openstack-security mailing list