Feeds

'Catastrophic' server disk-destroying glitch menaced Google cloud

'Shame on you!' screams one developer as race-condition bug discovered

Mobile application security vulnerability report

Google has squashed a bug in its public cloud that threatened to accidentally delete users' virtual disks – an error so serious that one security researcher termed it potentially "catastrophic".

The web king today admitted that one of its server migration commands could have "erroneously and permanently" deleted persistent disks attached to virtual instances; the admission was sent out in an email from the Google Compute Engine Team to users of the service on Friday. Coincidentally, Google only just updated its persistent disk feature on Tuesday.

Today's email read:

We discovered a serious issue with the gcutil moveinstances command: with the release of the new auto-delete feature for persistent disks, there is an unintended interaction that can result in accidental deletion of the disk(s) of the instance being moved.

What this means is that if a cloud user enabled auto-delete on a persistent disk in their Google server storage, then moved a virtual server via the command-line management tool gcutil to another Google data center, the system may have accidentally deleted the attached disk before the transfer was fully carried out.

"Now that it is possible to set a persistent disk to be auto-deleted when an instance is deleted, the persistent disk is automatically deleted before gcutil can take a persistent disk snapshot," Google explained. "This results in gcutil moveinstances erroneously and permanently deleting the disk(s) of instances that have enabled the auto-delete feature, without first creating a persistent disk snapshot."

In response to the email, one member of the support mailing list replied directly to Google with the words: "Shame on you!"

This bug will likely reaffirm the paranoia of admins who worry about the reliability of public clouds – after all, if an operator as sophisticated as Google is prone to gaffes like this, then who can you trust?

"This is as catastrophic an error in a public cloud platform as you can get," independent security researcher Kenn White told The Register.

White encapsulated the terror of the problem in a tweet, where he pointed out: "So I make an API call to move VMs w/ 'persistent' volumes and — depending on my command line client version — my VM is accidentally nuked?"

The disclosure of the grave error follows Google making a dramatic price cut to its Drive cloud storage systems ahead of an expected new fleet of cloud services that will launch on March 25.

The bug affected all versions of gcutil prior to version 1.14.2, which was just released and people should upgrade to it, Google said. A spokeswoman added:

Yesterday we found a bug in our command-line tool and worked quickly to resolve the issue. Although we have not received any reports of this issue affecting users, we sent a proactive message immediately to alert our users to the potential issue, and to ask them to update the command line tool.

®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.