openstack-security-notes/notes/OSSN-0016
Doug Chivers 4f3db51563 Cinder secure wipe misconfiguration will result in no wipe, on
Grizzly.

DocImpact
Closes-Bug: #1322766

Change-Id: I27e3b321cd8b86dfae74c042a6642121184deb2f
2014-06-02 18:17:13 +01:00

Cinder wipe fails in an insecure manner on Grizzly
---
### Summary ###
A configuration error can prevent the secure erase of volumes in Cinder on
Grizzly, potentially allowing a user to recover another user's data.
### Affected Services / Software ###
Cinder, Grizzly
### Discussion ###
In Cinder on Grizzly, a configurable method to perform a secure erase of
volumes was added. In the event of a misconfiguration no secure erase will
be performed.
The default code path in Cinder's clear_volume() method, which is taken
in the event of a configuration error, results in no wiping of the volume -
even in the event that the user had flagged the volume for wiping.
This is the same behaviour as if the volume_clear = none option was
selected. This could let an attacker recover data from a volume that was
intended to be securely erased. Examples of possible incorrect
configuration options include values that would appear to result in a
secure erase, for example “volume_clear = true” or “volume_clear =
yes”.
In the event of a misconfiguration resulting in this issue, the message
“Error unrecognized volume_clear option” should be present in log
files.
### Recommended Actions ###
- Create and clear a volume (cinder create --display_name erasetest 10;
cinder delete erasetest)
- Review log files for the above error message
(grep "Error unrecognized volume_clear option" <logfile>)
- Review configuration files to ensure that the valid options zero or
shred are specified.
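
A sketch of the configuration and log review from the steps above, added here as an example and not part of the original notice or of Cinder's code. It assumes volume_clear is set in the [DEFAULT] section of cinder.conf and compares values as exact, case-sensitive strings; the function names and the sample inputs are constructed for illustration.

```python
import configparser

# Values the notice names: zero/shred wipe the volume, none disables wiping.
WIPING = {"zero", "shred"}
LOG_MARKER = "Error unrecognized volume_clear option"  # message quoted in the notice


def audit_volume_clear(conf_text):
    """Classify the volume_clear setting found in cinder.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # Assumption: the option lives in [DEFAULT]; matching is exact and case-sensitive.
    value = parser.defaults().get("volume_clear")
    if value is None:
        return None, "unset"  # built-in default applies; not assessed here
    value = value.strip()
    if value in WIPING:
        return value, "wipes"
    if value == "none":
        return value, "no-wipe-explicit"
    # Anything else ("true", "yes", a typo) takes the no-wipe default path.
    return value, "no-wipe-misconfigured"


def find_wipe_errors(log_lines):
    """Return the log lines carrying the unrecognized-option message."""
    return [line for line in log_lines if LOG_MARKER in line]


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONF = "[DEFAULT]\nvolume_clear = true\n"
SAMPLE_LOG = [
    "2014-06-02 10:00:01 INFO cinder.volume: volume erasetest: removing export",
    "2014-06-02 10:00:02 ERROR cinder.volume: Error unrecognized volume_clear option: true",
    "2014-06-02 10:00:03 INFO cinder.volume: volume erasetest: deleted successfully",
]

if __name__ == "__main__":
    print(audit_volume_clear(SAMPLE_CONF))
    for hit in find_wipe_errors(SAMPLE_LOG):
        print("wipe skipped:", hit)
```

A "no-wipe-misconfigured" verdict or any log hit means volumes deleted under that configuration were not erased.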
### Contacts / References ###
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0016
Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1322766
OpenStack Security ML : openstack-security@lists.openstack.org
OpenStack Security Group : https://launchpad.net/~openstack-ossg