snapshots are not being counted towards volume quota
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Medium
|
John Griffith | ||
Folsom |
Won't Fix
|
High
|
John Griffith |
Bug Description
I cannot create a 999GB volume because I already have a few small volumes and this would exceed my quota :-
cinder create 999 --display_name "gf_stb_
ERROR: VolumeSizeExcee
BUT
I can proceed to create an 899GB volume and then take snapshots of same :-
cinder create 899 --display_name "gf_stb_
cinder list
+------
| b3523658-
+------
cinder snapshot-create b3523658-
cinder snapshot-list
+------
| ID | Volume ID | Status | Display Name | Size |
+------
| b4a7badc-
+------
I can continue making such snapshots to use up available storage in a denial-of-service attack since the snapshots are not being counted against my volume quota.
Hence I am also marking this bug as a scurity vulnerability.
Changed in cinder: | |
assignee: | nobody → John Griffith (john-griffith) |
status: | New → Triaged |
information type: | Private Security → Public |
Changed in cinder: | |
milestone: | none → grizzly-rc1 |
importance: | Undecided → Medium |
Changed in cinder: | |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | grizzly-rc1 → 2013.1 |
tags: | removed: folsom-backport |
So a bug for sure, we need either a separate snapshot-quota class or use the volume-quota. I'm not sure about categorizing it as security risk and DOS susceptibility though.