Cinder

Bug #1198185
Comment #11

Comment 11 for bug 1198185

Revision history for this message

John Griffith (john-griffith) wrote on 2013-07-11: Re: [Bug 1198185] Re: delete_snapshot in LVMVolumeDriver not really zero the snapshot

#11

On Thu, Jul 11, 2013 at 9:48 AM, Jeremy Stanley <email address hidden> wrote:

> Okay, so stepping back a bit, it's not really a question of literally
> zeroing the block device in this case, but rather whether or not secure
> delete is enabled for LVM2 snapshots. Does this mean the report here is
> effectively a duplicate of bug 1134768? If so, it sounds like we're
>

Yes, it's a duplicate.. and before anyone asks, no I don't remember why I
marked it as won't fix, but that should not have been the case.

proposing an announcement that secure delete is off by default because
> it's broken on Debian derived distributions, but that deployers who want
> to enable it for their environments are free to do so.
>

That's my thought exactly, I'll actually just set a flag and turn the old
"dd/zero" method back on as an option while folks argue about the proposals
currently in flight for how to do this better.

>
> If that's the situation, this probably is better suited to drop into the
> OSSN queue (likely with a CVE assignment), rather than issue an OSSA. Am
> I misinterpreting this?
>

I was unfamiliar with OSSN, but that does seem more appropriate to me.

>
> --
> You received this bug notification because you are a member of Cinder
> Bug Team, which is subscribed to Cinder.
> https://bugs.launchpad.net/bugs/1198185
>
> Title:
> delete_snapshot in LVMVolumeDriver not really zero the snapshot
>
> Status in Cinder:
> In Progress
> Status in OpenStack Security Advisories:
> Triaged
>
> Bug description:
> the delete action process:
> delete_snapshot(self, snapshot) -> self._delete_volume(snapshot,
> snapshot['volume_size']) -> self.clear_volume(volume)
>
> def clear_volume(self, volume):
> """unprovision old volumes to prevent data leaking between
> users."""
>
> vol_path = self.local_path(volume)
> size_in_g = volume.get('size')
> size_in_m = self.configuration.volume_clear_size
>
> if not size_in_g:
> LOG.warning(_("Size for volume: %s not found, "
> "skipping secure delete.") % volume['name'])
> return
> ....
> ....
>
>
> Because snapshot without 'size' field, so it will skip secure delete.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cinder/+bug/1198185/+subscriptions
>

On Thu, Jul 11, 2013 at 9:48 AM, Jeremy Stanley <fungi@yuggoth.org> wrote:

Yes, it's a duplicate.. and before anyone asks, no I don't remember why I
marked it as won't fix, but that should not have been the case.

That's my thought exactly, I'll actually just set a flag and turn the old
"dd/zero" method back on as an option while folks argue about the proposals
currently in flight for how to do this better.

>
> If that's the situation, this probably is better suited to drop into the
> OSSN queue (likely with a CVE assignment), rather than issue an OSSA. Am
> I misinterpreting this?
>

I was unfamiliar with OSSN, but that does seem more appropriate to me.

>
> --
> You received this bug notification because you are a member of Cinder
> Bug Team, which is subscribed to Cinder.
> https://bugs.launchpad.net/bugs/1198185
>
> Title:
>   delete_snapshot in LVMVolumeDriver not really zero the snapshot
>
> Status in Cinder:
>   In Progress
> Status in OpenStack Security Advisories:
>   Triaged
>
> Bug description:
>   the delete action process:
>       delete_snapshot(self, snapshot) -> self._delete_volume(snapshot,
> snapshot['volume_size'])  -> self.clear_volume(volume)
>
>       def clear_volume(self, volume):
>           """unprovision old volumes to prevent data leaking between
> users."""
>
>           vol_path = self.local_path(volume)
>           size_in_g = volume.get('size')
>           size_in_m = self.configuration.volume_clear_size
>
>           if not size_in_g:
>               LOG.warning(_("Size for volume: %s not found, "
>                             "skipping secure delete.") % volume['name'])
>               return
>            ....
>            ....
>
>
>   Because snapshot without 'size' field, so it will skip secure delete.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cinder/+bug/1198185/+subscriptions
>