This has been published as OSSN-0057: https://wiki.openstack.org/wiki/OSSN/OSSN-0057
** Changed in: ossn
   Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1401170

Title:
  0-size images allow unprivileged user to deplete glance resources

Status in Glance:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  Glance allows creating 0-size images ('glance image-create' without
  parameters). Those images do not consume resources of the storage backend
  and do not hit any limits for size, but they take up space in the database.
  A malicious user can cause database resource depletion with an endless
  flood of 'image-create' requests. Because an empty request is small, it
  will cause more strain on OpenStack than on the attacker. RateLimit on API
  requests allows delaying the consequences of the attack, but does not
  prevent it.

  Here is a simple script to run the attack:

  while true;do curl -i -X POST -H 'X-Auth-Token: ***' http://glance-endpoint:9292/v1/images;done

  My estimation for database growth is about 1Mb/minute (with an extra-slow
  shell-based attack, but a specially crafted script will allow running it
  at RateLimit speed).

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1401170/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
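The defender's side of the issue described in the bug report, as an added example that is not part of the notification and not Glance's own code: size-based quotas never see a zero-byte image record, so an operator has to count image records per owner instead. The rows below are constructed stand-ins for the (owner, size, created_at) columns of the images table; the window and threshold values are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows standing in for the (owner, size, created_at)
# columns of Glance's images table; they are not data from the bug report.
BASE = datetime(2014, 12, 10, 12, 0, 0)
SAMPLE_IMAGES = (
    [("tenant-a", 512 * 1024 * 1024, BASE - timedelta(minutes=30)),
     ("tenant-a", 0, BASE - timedelta(minutes=5)),
     ("tenant-a", 2 * 1024 ** 3, BASE - timedelta(minutes=1))]
    # tenant-b: a burst of empty image-create calls in the last two minutes
    + [("tenant-b", 0, BASE - timedelta(seconds=15 * i)) for i in range(6)]
    # tenant-c: zero-size images too, but created hours ago (outside the window)
    + [("tenant-c", 0, BASE - timedelta(hours=2, minutes=i)) for i in range(3)]
)


def zero_size_flood(rows, window=timedelta(minutes=10), threshold=3, now=BASE):
    """Detection: count zero-size images per owner created in the trailing
    window and return {owner: count} for owners at or above the threshold."""
    since = now - window
    counts = Counter(owner for owner, size, created in rows
                     if size == 0 and since <= created <= now)
    return {owner: n for owner, n in counts.items() if n >= threshold}


def allow_empty_image_create(owner, rows, window=timedelta(minutes=10),
                             cap=3, now=BASE):
    """Mitigation: refuse a new zero-size image once the owner already holds
    `cap` empty image records in the window. This is a per-tenant quota on
    image *records*, which a byte-size quota alone never enforces."""
    since = now - window
    recent = sum(1 for o, size, created in rows
                 if o == owner and size == 0 and since <= created <= now)
    return recent < cap


if __name__ == "__main__":
    print(zero_size_flood(SAMPLE_IMAGES))            # {'tenant-b': 6}
    print(allow_empty_image_create("tenant-b", SAMPLE_IMAGES))  # False
```

In a real deployment the same two queries run against the images table (for detection) and inside the create path (for the record quota); a request rate limit only slows the growth the report measures, it does not bound it.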