** Also affects: nova/juno
Importance: Undecided
Status: New
** Also affects: nova/kilo
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1387543
Title:
Resize/delete combo allows to overload nova-compute (CVE-2015-3241)
Status in OpenStack Compute (Nova):
In Progress
Status in OpenStack Compute (nova) juno series:
New
Status in OpenStack Compute (nova) kilo series:
New
Status in OpenStack Security Advisories:
In Progress
Bug description:
If user create instance, and resize it to larger flavor and than
delete that instance, migration process does not stop. This allow
user to repeat operation many times, causing overload to affected
compute nodes over user quota.
Affected installation: most drastic effect happens on 'raw-disk'
instances without live migration. Whole raw disk (full size of the
flavor) is copied during migration.
If user delete instance it does not terminate rsync/scp keeping disk
backing file opened regardless of removal by nova compute.
Because rsync/scp of large disks is rather slow, it gives malicious
user enough time to repeat that operation few hundred times, causing
disk space depletion on compute nodes, huge impact on management
network and so on.
Proposed solution: abort migration (kill rsync/scp) as soon, as
instance is deleted.
Affected installation: Havana, Icehouse, probably Juno (not tested).
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1387543/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
