[openstack-nova/f17] disallow boot from arbitrary volumes (CVE-2013-0208)
Pádraig Brady
pbrady at fedoraproject.org
Tue Jan 29 17:45:51 UTC 2013
commit 75ff9b7a1c6c8cc51de68998e5637f059995d964
Author: Pádraig Brady <P at draigBrady.com>
Date: Tue Jan 29 17:30:25 2013 +0000
disallow boot from arbitrary volumes (CVE-2013-0208)
...ot-from-volume-from-specifying-arbitrary-.patch | 70 ++++++++++++++++++++
openstack-nova.spec | 7 ++-
2 files changed, 76 insertions(+), 1 deletions(-)
---
diff --git a/0013-disallow-boot-from-volume-from-specifying-arbitrary-.patch b/0013-disallow-boot-from-volume-from-specifying-arbitrary-.patch
new file mode 100644
index 0000000..05e833b
--- /dev/null
+++ b/0013-disallow-boot-from-volume-from-specifying-arbitrary-.patch
@@ -0,0 +1,70 @@
+From 10e8755a1491b8da3e66259f000483a8b2ddc716 Mon Sep 17 00:00:00 2001
+From: Vishvananda Ishaya <vishvananda at gmail.com>
+Date: Thu, 24 Jan 2013 10:45:19 +0000
+Subject: [PATCH] disallow boot from volume from specifying arbitrary volumes
+
+Fix a vulnerability in volume attachment in nova-volume, affecting the
+boot-from-volume feature. By passing a specific volume ID, an
+authenticated user may be able to boot from a volume they don't own,
+potentially resulting in full access to that 3rd-party volume.
+
+Fixes bug: 1069904, CVE-2013-0208
+Change-Id: I5f7c8d20d3ebf33ce1ce64bf0a8418bd2b5a6411
+(cherry picked from commit 243d516cea9d3caa5a8267b12d2f577dcb24193b)
+---
+ nova/compute/api.py | 16 ++++++++++++++++
+ nova/exception.py | 14 ++++++++++++++
+ 2 files changed, 30 insertions(+), 0 deletions(-)
+
+diff --git a/nova/compute/api.py b/nova/compute/api.py
+index 13570f7..1683f38 100644
+--- a/nova/compute/api.py
++++ b/nova/compute/api.py
+@@ -390,6 +390,22 @@ class API(BaseAPI):
+
+ LOG.debug(_("Going to run %s instances...") % num_instances)
+
++ # Validate the correct devices have been specified
++ for bdm in block_device_mapping:
++ # NOTE(vish): For now, just make sure the volumes are accessible.
++ snapshot_id = bdm.get('snapshot_id')
++ volume_id = bdm.get('volume_id')
++ if volume_id is not None:
++ try:
++ self.volume_api.get(context, volume_id)
++ except Exception:
++ raise exception.InvalidBDMVolume(id=volume_id)
++ elif snapshot_id is not None:
++ try:
++ self.volume_api.get_snapshot(context, snapshot_id)
++ except Exception:
++ raise exception.InvalidBDMSnapshot(id=snapshot_id)
++
+ if create_instance_here:
+ instance = self.create_db_entry_for_new_instance(
+ context, instance_type, image, base_options,
+diff --git a/nova/exception.py b/nova/exception.py
+index 107d926..1f1fa53 100644
+--- a/nova/exception.py
++++ b/nova/exception.py
+@@ -309,6 +309,20 @@ class InstanceInvalidState(Invalid):
+ "%(method)s while the instance is in this state.")
+
+
++class InvalidBDM(Invalid):
++ message = _("Block Device Mapping is Invalid.")
++
++
++class InvalidBDMSnapshot(InvalidBDM):
++ message = _("Block Device Mapping is Invalid: "
++ "failed to get snapshot %(id)s.")
++
++
++class InvalidBDMVolume(InvalidBDM):
++ message = _("Block Device Mapping is Invalid: "
++ "failed to get volume %(id)s.")
++
++
+ class InstanceNotRunning(Invalid):
+ message = _("Instance %(instance_id)s is not running.")
+
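Review bot: The ownership check added before `if create_instance_here:` in nova/compute/api.py is implicit: it only works if `self.volume_api.get(context, volume_id)` and `get_snapshot` raise for a volume or snapshot the caller's context may not access, and that behaviour is not visible in this hunk. The comment should say so, for example `# volume_api.get() is the access check: it must raise for volumes the context cannot see`. The bare `except Exception` also turns unrelated failures, such as a volume-service error, into `InvalidBDMVolume` with nothing logged; I would log the cause first with `except Exception as e:` and `LOG.debug(_("volume %s lookup failed: %s") % (volume_id, e))`, and likewise in the snapshot branch. Because of the `elif`, a mapping carrying both ids has only its volume validated, which is presumably fine if the volume takes precedence later, but worth confirming. The embedded diffstat lists only api.py and exception.py, so no regression test for booting from another tenant's volume ships with the fix; the enclosing method starts and ends outside the hunk.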
diff --git a/openstack-nova.spec b/openstack-nova.spec
index b9ad74d..2fa4e51 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
Name: openstack-nova
Version: 2012.1.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: OpenStack Compute (nova)
Group: Applications/System
@@ -44,6 +44,7 @@ Patch0009: 0009-EC2-DescribeImages-reports-correct-rootDeviceType.patch
Patch0010: 0010-Reject-EC2-CreateImage-for-instance-store.patch
Patch0011: 0011-Fix-EC2-CreateImage-no_reboot-logic.patch
Patch0012: 0012-Avoid-RPC-calls-while-holding-iptables-lock.patch
+Patch0013: 0013-disallow-boot-from-volume-from-specifying-arbitrary-.patch
BuildArch: noarch
BuildRequires: intltool
@@ -364,6 +365,7 @@ This package contains documentation files for nova.
%patch0010 -p1
%patch0011 -p1
%patch0012 -p1
+%patch0013 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
@@ -755,6 +757,9 @@ fi
%endif
%changelog
+* Tue Jan 29 2013 Pádraig Brady <pbrady at redhat.com> - 2012.1.3-3
+- disallow boot from volume from specifying arbitrary volumes (CVE-2013-0208)
+
* Thu Nov 29 2012 Nikola Dipanov <ndipanov at redhat.com> - 2012.1.3-2
- nova.conf default configuration tweak to prevent image deletion due to an imagecahce bug