yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1213241] Re: Pickled data in Glance database enables remote code execution

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 02 Oct 2013 15:43:29 -0000
Reply-to: Bug 1213241 <1213241@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1213241

Title:
  Pickled data in Glance database enables remote code execution

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  Glance uses pickled python objects for the storage of image location
  metadata in its SQL database backend [1]. In the event that the
  database server running beneath Glance is compromised, the usage of
  pickle will allow an attacker to execute untrusted code remotely and
  further compromise the cloud [2] [3].

  [1] https://github.com/openstack/glance/blob/master/glance/db/sqlalchemy/models.py#L157
  [2] See warning at the top of the pickle module doc: http://docs.python.org/2/library/pickle.html
  [3] http://blog.nelhage.com/2011/03/exploiting-pickle/

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1213241/+subscriptions