yahoo-eng-team team mailing list archive
Message #05207
[Bug 1213241] Re: Pickled data in Glance database enables remote code execution
** Changed in: glance
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1213241
Title:
Pickled data in Glance database enables remote code execution
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Bug description:
Glance uses pickled python objects for the storage of image location
metadata in its SQL database backend [1]. In the event that the
database server running beneath Glance is compromised, the usage of
pickle will allow an attacker to execute untrusted code remotely and
further compromise the cloud [2] [3].
[1] https://github.com/openstack/glance/blob/master/glance/db/sqlalchemy/models.py#L157
[2] See warning at the top of the pickle module doc: http://docs.python.org/2/library/pickle.html
[3] http://blog.nelhage.com/2011/03/exploiting-pickle/
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1213241/+subscriptions
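The bug description above explains the risk in the reporter's own words: unpickling a row that a database attacker can rewrite executes whatever callables the byte stream names. The following is an added example, not code from Glance or the bug report, showing in stdlib-only Python the shape of the fix and of the audit an operator would want before migrating: store metadata as JSON (which can only ever yield plain data), and convert existing pickled rows through an Unpickler that refuses every global reference, after a static opcode scan with `pickletools` that never executes the stream. All names here (`dumps_metadata`, `migrate_legacy_row`, the constructed sample rows) are assumptions for illustration, not Glance identifiers, and the "legacy rows" are constructed in the block itself.

```python
import collections
import io
import json
import pickle
import pickletools

# Added example, not Glance code. JSON replaces pickle for new rows; legacy
# pickled rows are converted through a fail-closed path.


def dumps_metadata(metadata):
    """Serialize a metadata dict as JSON text (the replacement for pickle).

    json.dumps rejects anything that is not plain data, so only dicts of
    strings, numbers, booleans, lists and nested dicts can be stored.
    """
    return json.dumps(metadata, sort_keys=True)


def loads_metadata(text):
    """Parse stored JSON; json.loads never calls back into application code."""
    return json.loads(text)


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any module.name reference.

    Plain containers and scalars (dict, list, str, int, ...) have dedicated
    opcodes and need no global lookup, so a legitimate metadata dict still
    loads; a stream that names any class or function is rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "refusing global %s.%s in stored metadata" % (module, name))


def references_globals(blob):
    """Static check: does this pickle stream name any importable object?

    pickletools.genops only decodes opcodes and never runs them, so it is
    safe to apply to untrusted rows during an audit.
    """
    for opcode, _arg, _pos in pickletools.genops(blob):
        if opcode.name in ("GLOBAL", "STACK_GLOBAL", "INST", "OBJ"):
            return True
    return False


def migrate_legacy_row(blob):
    """Audit and convert one legacy pickled row.

    Returns ("ok", json_text) for a plain metadata dict, or
    ("refused", reason) when the row cannot be loaded safely.
    """
    if references_globals(blob):
        return ("refused", "row names an importable object")
    try:
        metadata = NoGlobalsUnpickler(io.BytesIO(blob)).load()
    except Exception as exc:  # any malformed stream is refused, not retried
        return ("refused", str(exc))
    if not isinstance(metadata, dict):
        return ("refused", "row is not a dict")
    return ("ok", dumps_metadata(metadata))


def sample_legacy_row():
    """Constructed sample of what a benign legacy pickled row would hold."""
    return pickle.dumps({"checksum": "abc", "store": "file"}, protocol=2)


def sample_row_naming_a_class():
    """Constructed sample that pickles via a GLOBAL reference.

    An OrderedDict is harmless, but its pickle names collections.OrderedDict,
    which is exactly the kind of reference the migration must refuse.
    """
    return pickle.dumps(collections.OrderedDict(checksum="abc"), protocol=2)


if __name__ == "__main__":
    print(migrate_legacy_row(sample_legacy_row()))
    print(migrate_legacy_row(sample_row_naming_a_class()))
```

The opcode scan and the restricted `find_class` are deliberately redundant: the scan gives a cheap report of how many rows are suspicious before anything is loaded, and the Unpickler guards the conversion itself in case a row is rewritten between audit and migration.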