[Openstack-security] [openstack/glance] SecurityImpact review request change Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Sep 27 14:23:50 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/377736
Log:
commit c90830d71969f68768d898c1c178489f602214e2
Author: Hemanth Makkapati <hemanth.makkapati at rackspace.com>
Date: Fri Sep 23 09:29:12 2016 -0500
Adding constraints around qemu-img calls
* All "qemu-img info" calls are now run under resource limitations
that limit CPU time to 2 seconds and address space usage to 1 GB.
This helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that
it does not have to be inferred by qemu-img.
SecurityImpact
Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
Closes-Bug: #1449062
(cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)
More information about the Openstack-security
mailing list