[Openstack-security] [Bug 1733289] Re: Image data stays in store (filesystem store) if image is deleted after staging call

Jeremy Stanley fungi at yuggoth.org
Tue Nov 21 19:19:17 UTC 2017


Thanks. In that case, treating as a normal Public bug tagged as a
potential security hardening opportunity.

** Information type changed from Private Security to Public

** Tags added: security

https://bugs.launchpad.net/bugs/1733289

Title:
  Image data stays in store (filesystem store) if image is deleted after
  staging call

Status in Glance:
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  When trying to delete an image after the staging call, the image gets
  deleted from the database, but the image data remains in the backend
  (the '/tmp/staging' directory).

  NOTE: This issue will occur only if image-import is enabled in the
  deployment i.e. 'enable_image_import' is set to True in glance-
  api.conf

  Steps to reproduce:
  1. Create image
     $ glance image-create --container-format ami --disk-format ami --name test_image
  2. Add image to staging area using stage call
     $ glance image-stage <IMAGE_ID>
  3. Verify that image is uploaded to staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>
  4. Delete the image
     $ glance image-delete <IMAGE_ID>
  5. Verify image-list does not show deleted image
     $ glance image-list
  6. Verify that image is still present in staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>

  The image gets deleted from the database, but the image data is still
  present in the staging area, i.e. in the '/tmp/staging' directory.

  Actually, after deleting an image that was staged, its data should be
  cleared from the staging area as well.

  The attack scenario here is to create/stage/delete a lot of large
  images to DoS the temporary image backend by filling it up.
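An operator-side check for the condition the report describes, added here as an example and not part of the bug report or of Glance itself: it lists files in the staging directory whose name does not match any image ID that Glance still knows about, so leftover data from deleted images can be found and reclaimed. It assumes the layout shown in the steps above (one file per image, named by the image ID, under the staging directory); the list of active image IDs is a constructed sample standing in for what `openstack image list -f value -c ID` would produce, and the staging directory is a constructed temporary directory.

```shell
#!/bin/sh
# Audit helper (added example, not Glance code): report files in the staging
# directory that no longer correspond to an image known to Glance.
#
# Assumption: the staging directory holds one file per image, named by the
# image ID, as shown in the reproduction steps.

# find_orphaned_staging STAGING_DIR ACTIVE_IDS_FILE
#   STAGING_DIR     - directory such as /tmp/staging
#   ACTIVE_IDS_FILE - text file with one active image ID per line
# Prints one orphaned path per line; prints nothing when the store is clean.
find_orphaned_staging() {
    staging_dir="$1"
    active_ids="$2"
    for f in "$staging_dir"/*; do
        # Skip the literal glob when the directory is empty, and skip non-files.
        [ -f "$f" ] || continue
        id=$(basename "$f")
        # -x: whole-line match, -F: fixed string, so IDs that are prefixes
        # of other IDs cannot produce false negatives.
        if ! grep -qxF -- "$id" "$active_ids"; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# orphaned_bytes STAGING_DIR ACTIVE_IDS_FILE
# Sums the size of the orphaned files, i.e. the space a DoS of this kind
# is currently holding.
orphaned_bytes() {
    total=0
    for f in $(find_orphaned_staging "$1" "$2"); do
        size=$(wc -c < "$f")
        total=$((total + size))
    done
    printf '%s\n' "$total"
}

# Constructed sample data: a fake staging directory and a fake list of
# active image IDs (in a real deployment this list comes from the API).
demo_dir=$(mktemp -d)
printf 'active image data' > "$demo_dir/aaaa-1111"   # still in the database
printf 'leftover data'     > "$demo_dir/bbbb-2222"   # deleted from the DB
ids_file=$(mktemp)
printf 'aaaa-1111\n' > "$ids_file"

echo "orphaned staging files:"
find_orphaned_staging "$demo_dir" "$ids_file"
echo "bytes held by orphans: $(orphaned_bytes "$demo_dir" "$ids_file")"
```

Run it against the real directory by pointing the first argument at the configured staging path and feeding the second a current dump of image IDs; an orphan that is older than any in-flight import is safe to remove, while a fresh one may simply be an image that has been staged but not yet imported.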
