Home / exploits OpenStack Glance image creation in other tenant accounts
Posted on 20 September 2013
Dafna Ron of Red Hat reports: Description of problem: when I try to create an image with tenant name and not tenant ID, the image is not created and no errors are issued. you simply cannot find the image. Version-Release number of selected component (if applicable): openstack-glance-2013.1.3-1.el6ost.noarch How reproducible: 100% Steps to Reproduce: 1. install AIO with local tgt storage (using packstack) 2. create a tenant and a user 3. create an image for the tenant using the tenant name 4. run glance image-list while logging in with user 5. run the same create command using tenant ID 6. run glance image-list while logging in with the user Actual results: image is no created with tenant name. no errors or indicators that the image was not created. Expected results: image should be created with tenant name if we decided not to allow create of image with tenant name we should block the command from running with missing param error ======== Upon further investigation Flavio Percoco of Red Hat reports: Ayal suggested this could also be a security issue. I went ahead and tested current behavior and indeed, this behavior could be used to inject images to other users. Scenario: - Create an image using user1 - Pick tenant's id of user2 and add it as a member of the image user1 just created - Use user2 to list images. This will list the image user1 created. I think this is an issue because it allows user from other tenants to sneak images with a backdoor to other tenants.
