no signature check for cached images
Bug #1793159 reported by
Josephine Seifert
This bug report is a duplicate of:
Bug #1785668: nova-compute doesn't check image signature if imagecache exists.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
New
|
Undecided
|
Unassigned |
Bug Description
Currently Nova only checks an image's signature directly after downloading it from Glance. The image is then cached on the corresponding compute node.
When Nova is reading the image file from cache and actually transfers it into the desired target storage when creating a server resource, the signature should be checked once again, since the image might have been tampered with in the cache. This has to be done somewhere in nova/virt/
To post a comment you must log in.
Can you provide some more details regarding the statement, "since the image might have been tampered with in the cache"? Can you provide a recreate scenario for example? Otherwise this sounds like a whack-a-mole problem where we could justify needing to check the image signature at any point the image is referenced, which sounds expensive.