
yahoo-eng-team team mailing list archive

[Bug 1442333] Re: Floating IP is reused after nodeB deletion and nodeA shelve unshelve


Thanks for following up, Clark!

** Information type changed from Private Security to Public

** Changed in: ossa
       Status: Incomplete => Invalid

** Changed in: nova
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1442333

Title:
  Floating IP is reused after nodeB deletion and nodeA shelve unshelve

Status in OpenStack Compute (nova):
  Invalid
Status in OpenStack Security Advisory:
  Invalid

Bug description:
  This issue is being treated as a potential security risk under
  embargo. Please do not make any public mention of embargoed (private)
  security vulnerabilities before their coordinated publication by the
  OpenStack Vulnerability Management Team in the form of an official
  OpenStack Security Advisory. This includes discussion of the bug or
  associated fixes in public forums such as mailing lists, code review
  systems and bug trackers. Please also avoid private disclosure to
  other individuals not already approved for access to this information,
  and provide this same reminder to those who are made aware of the
  issue prior to publication. All discussion should remain confined to
  this private bug report, and any proposed fixes should be added to the
  bug as attachments.

  Not quite sure if this is a security issue and I unfortunately already
  mentioned it in #openstack-nova
  (http://eavesdrop.openstack.org/irclogs/%23openstack-nova
  /%23openstack-nova.2015-04-09.log starts at 2015-04-09T18:39:39), but
  figured I would be nice and report this privately then you all can
  make it more public if that is desirable.

  I am debugging the upstream gate's multinode test environment with
  nova network. This env has two nodes, a controller with compute and a
  compute node. They run in multi host mode so each compute node is its
  own gateway.

  If I create two VMs, nodeA and nodeB this schedules nodeA on the
  controller and nodeB on the compute node. Then I attach a floating ip
  to each VM. nodeA gets fipA and nodeB gets fipB. Now delete nodeB,
  shelve nodeA, unshelve nodeA. We end up with nodeA moved to the
  compute node from the controller. The issue is that nodeA has both
  fipA and fipB attached to it according to nova show nodeA. I was able
  to confirm that sshing to both floating IPs connects me to nodeA.

  While I only tested this with a single tenant, my understanding of
  nova net's floating ip implementation is that this can also affect
  nodeA and nodeB if they belong to different tenants. In any case the
  potential to grab someone else's floating ip when they have potentially
  tried to remove its connectivity is why I am filing this as a security
  bug. At the very least it is a bug and shelve unshelve should not
  steal floating ips.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1442333/+subscriptions
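The reassignment described in the report, turned into a defender-side audit check that compares floating-IP associations before and after a "delete nodeB, shelve/unshelve nodeA" cycle. This is an added example, not code from the bug report or from nova; the instance names, tenants and 172.24.4.0/24 addresses are constructed, and the snapshots stand in for what an operator would build from `nova list --all-tenants` and `nova floating-ip-list`.

```python
"""Added example, not from the bug report or nova: audit floating-IP
associations across a "delete nodeB, shelve/unshelve nodeA" cycle in the
reported nova-network multi-host scenario, including the cross-tenant case
the reporter suspects. Snapshots are constructed sample data in the shape
`nova list --all-tenants` plus `nova floating-ip-list` would give."""
from typing import Dict, List, Optional, Set, Tuple

# floating ip -> (instance name, tenant); None means the IP sits in the pool
Snapshot = Dict[str, Optional[Tuple[str, str]]]


def audit_floating_ips(before: Snapshot, after: Snapshot,
                       deleted: Set[str]) -> Dict[str, List[str]]:
    """Flag floating IPs whose association changed although nobody asked.

    Only the delete and the shelve/unshelve were requested, so an IP may
    legitimately stay put or return to the pool (its owner was deleted).
    Anything else is an unrequested reassignment worth an alert.
    """
    findings: Dict[str, List[str]] = {}
    for fip, old in before.items():
        new = after.get(fip)
        reasons: List[str] = []
        if old is None and new is not None:
            reasons.append(f"taken from the pool by {new[0]} during the cycle")
        elif old is not None and new is not None:
            (old_inst, old_tenant), (new_inst, new_tenant) = old, new
            if old_inst in deleted:
                reasons.append(f"still attached to {new_inst} although "
                               f"owner {old_inst} was deleted")
            elif new_inst != old_inst:
                reasons.append(f"moved {old_inst} -> {new_inst} without a "
                               "disassociate")
            if new_tenant != old_tenant:
                reasons.append(f"crossed tenants {old_tenant} -> {new_tenant}")
        if reasons:
            findings[fip] = reasons
    return findings


def floating_ips_of(snapshot: Snapshot, instance: str) -> Set[str]:
    """The floating IPs `nova show <instance>` would list for an instance."""
    return {fip for fip, assoc in snapshot.items()
            if assoc is not None and assoc[0] == instance}


# Constructed snapshots mirroring the report; 172.24.4.0/24 is a made-up pool.
BEFORE: Snapshot = {"172.24.4.1": ("nodeA", "tenant-a"),   # fipA
                    "172.24.4.2": ("nodeB", "tenant-b")}   # fipB
AFTER: Snapshot = {"172.24.4.1": ("nodeA", "tenant-a"),
                   "172.24.4.2": ("nodeA", "tenant-a")}    # fipB now on nodeA
DELETED = {"nodeB"}
```

Running `audit_floating_ips(BEFORE, AFTER, DELETED)` reports only fipB, both because its owner was deleted and because it crossed tenants; the same check returns nothing when fipB goes back to the pool, which is the outcome the reporter expected.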