disallow boot from volume from specifying arbitrary volumes
Fix a vulnerability in volume attachment in nova-volume, affecting the
boot-from-volume feature.  By passing a specific volume ID, an
authenticated user may be able to boot from a volume they don't own,
potentially resulting in full access to that 3rd-party volume.

Fixes bug: 1069904, CVE-2013-0208
Change-Id: I5f7c8d20d3ebf33ce1ce64bf0a8418bd2b5a6411
vishvananda authored and Pádraig Brady committed Jan 28, 2013
1 parent 9f277e3 commit 243d516
Showing 2 changed files with 30 additions and 0 deletions.
16 changes: 16 additions & 0 deletions nova/compute/api.py
@@ -390,6 +390,22 @@ def _create_instance(self, context, instance_type,

LOG.debug(_("Going to run %s instances...") % num_instances)

# Validate the correct devices have been specified
for bdm in block_device_mapping:
# NOTE(vish): For now, just make sure the volumes are accessible.
snapshot_id = bdm.get('snapshot_id')
volume_id = bdm.get('volume_id')
if volume_id is not None:
try:
self.volume_api.get(context, volume_id)
except Exception:
raise exception.InvalidBDMVolume(id=volume_id)
elif snapshot_id is not None:
try:
self.volume_api.get_snapshot(context, snapshot_id)
except Exception:
raise exception.InvalidBDMSnapshot(id=snapshot_id)

if create_instance_here:
instance = self.create_db_entry_for_new_instance(
context, instance_type, image, base_options,
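Review bot: Both `except Exception:` handlers in the new loop turn every failure of `self.volume_api.get` and `self.volume_api.get_snapshot` into InvalidBDMVolume / InvalidBDMSnapshot and record nothing, so a request naming another tenant's volume looks the same as a typo or a volume-service outage, and none of them reach the log. Log before re-raising, for example `LOG.warn(_("Boot request rejected: volume %s is not accessible") % volume_id)` in the volume branch and the matching line for snapshots, so rejected IDs are auditable. The check also depends entirely on `volume_api.get` raising for a volume outside the caller's context, which this hunk does not show, and the commit touches only two files with no test; a regression test that boots with a foreign volume ID and expects InvalidBDMVolume would pin the fix. `_create_instance` begins and ends outside the hunk, so whether `block_device_mapping` can be None at this point cannot be checked here.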
14 changes: 14 additions & 0 deletions nova/exception.py
@@ -309,6 +309,20 @@ class InstanceInvalidState(Invalid):
"%(method)s while the instance is in this state.")


class InvalidBDM(Invalid):
message = _("Block Device Mapping is Invalid.")


class InvalidBDMSnapshot(InvalidBDM):
message = _("Block Device Mapping is Invalid: "
"failed to get snapshot %(id)s.")


class InvalidBDMVolume(InvalidBDM):
message = _("Block Device Mapping is Invalid: "
"failed to get volume %(id)s.")


class InstanceNotRunning(Invalid):
message = _("Instance %(instance_id)s is not running.")

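Review bot: The three new exception classes have no docstring, and nothing in nova/exception.py says that InvalidBDMVolume and InvalidBDMSnapshot are raised alike for a missing ID and for one the caller may not access. If that single message is meant to avoid confirming that another tenant's volume exists, say so, e.g. a docstring on InvalidBDM such as `"""Block device mapping names a volume or snapshot the caller cannot use; not-found and not-permitted are reported identically."""`. That keeps a later change from splitting the message into distinguishable cases.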
