* All "qemu-img info" calls are now run under resource limitations that
limit CPU time to 2 seconds and address space usage to 1 GB. This
helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that it
does not have to be inferred by qemu-img.
SecurityImpact
(Hemanth did all the work on this, I'm just doing the backport.)
Reviewed: https://review.openstack.org/378012
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=58311904a73f931404416649dc6ed3958adc59c8
Submitter: Jenkins
Branch: stable/liberty
commit 58311904a73f931404416649dc6ed3958adc59c8
Author: Brian Rosmaita <email address hidden>
Date: Tue Sep 27 16:11:17 2016 -0400
Adding constraints around qemu-img calls
* All "qemu-img info" calls are now run under resource limitations that
limit CPU time to 2 seconds and address space usage to 1 GB. This
helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that it
does not have to be inferred by qemu-img.
SecurityImpact
(Hemanth did all the work on this, I'm just doing the backport.)
Co-authored-by: Hemanth Makkapati <email address hidden>
Closes-Bug: #1449062
(cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)
Change-Id: I65f30b85439a8811545b0ca590555528631954df
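The two constraints described in the commit message, sketched as an added example; this is not the Glance code from the commit. It assumes a POSIX host, and the helper names (`limit_setter`, `run_limited`, `info_argv`, `convert_argv`) and the file names are hypothetical.

```python
import resource
import subprocess

CPU_SECONDS = 2            # CPU-time limit named in the commit message
ADDRESS_SPACE = 1024 ** 3  # 1 GB address-space limit named in the commit message


def limit_setter(cpu_seconds, address_space):
    """Build the function the child runs between fork() and exec()."""
    def set_limits():
        for which, want in ((resource.RLIMIT_CPU, cpu_seconds),
                            (resource.RLIMIT_AS, address_space)):
            hard = resource.getrlimit(which)[1]
            if hard != resource.RLIM_INFINITY:
                want = min(want, hard)  # an inherited hard limit cannot be raised
            resource.setrlimit(which, (want, want))
    return set_limits


def run_limited(argv, cpu_seconds=CPU_SECONDS, address_space=ADDRESS_SPACE):
    """Run argv under both limits; return (returncode, stdout, stderr).

    A negative return code means the kernel killed the child with a signal,
    which is what happens when the CPU-time limit is exceeded.
    """
    proc = subprocess.run(argv, capture_output=True, text=True,
                          preexec_fn=limit_setter(cpu_seconds, address_space))
    return proc.returncode, proc.stdout, proc.stderr


def info_argv(path):
    """qemu-img info reads untrusted headers, so it is the call to confine."""
    return ["qemu-img", "info", "--output=json", path]


def convert_argv(src, dst, src_format, dst_format="raw"):
    """-f pins the input format so qemu-img does not infer it from the image."""
    return ["qemu-img", "convert", "-f", src_format, "-O", dst_format, src, dst]


if __name__ == "__main__":
    import sys
    # Constructed stand-in for a hostile image: a child that never stops computing.
    print(run_limited([sys.executable, "-c", "while True: pass"], cpu_seconds=1))
    print(convert_argv("upload.img", "out.raw", "qcow2"))
```

A caller would pass `info_argv(path)` to `run_limited` and treat a negative or non-zero return code as a rejected image rather than retrying.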