yahoo-eng-team team mailing list archive

[Jeremy Stanley <fungi@xxxxxxxxxxx>]

Could this behavior be controlled by a would-be attacker, or is it only
up to random chance? If the former then like bug 1058077/bug 1125378 the
VMT would likely deem it a security vulnerability. If the latter like
bug 1255609 we would most probably not.

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1357372

Title:
  Race condition in VNC port allocation when spawning a instance on
  VMware

Status in OpenStack Compute (Nova):
  In Progress
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  When spawning some instances,  nova VMware driver could have a race
  condition in VNC port allocation. Although the get_vnc_port function
  has a lock it not guarantee that the whole vnc port allocation process
  is locked, so another instance could receive the same port if it
  requests the VNC port before nova has finished the vnc port allocation
  to another VM.

  If the instances with the same VNC port are allocated in same host it
  could lead to a improper access to the instance console.

  Reproduce the problem: Launch  two or more instances at same time. In
  some cases one instance could execute the get_vnc_port and pick a port
  but before this instance has finished the _set_vnc_config another
  instance could execute get_vnc_port and pick the same port.

  How often this occurs: unpredictable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1357372/+subscriptions