Feeds

'Catastrophic' server disk-destroying glitch menaced Google cloud

'Shame on you!' screams one developer as race-condition bug discovered

Application security programs and practises

Google has squashed a bug in its public cloud that threatened to accidentally delete users' virtual disks – an error so serious that one security researcher termed it potentially "catastrophic".

The web king today admitted that one of its server migration commands could have "erroneously and permanently" deleted persistent disks attached to virtual instances; the admission was sent out in an email from the Google Compute Engine Team to users of the service on Friday. Coincidentally, Google only just updated its persistent disk feature on Tuesday.

Today's email read:

We discovered a serious issue with the gcutil moveinstances command: with the release of the new auto-delete feature for persistent disks, there is an unintended interaction that can result in accidental deletion of the disk(s) of the instance being moved.

What this means is that if a cloud user enabled auto-delete on a persistent disk in their Google server storage, then moved a virtual server via the command-line management tool gcutil to another Google data center, the system may have accidentally deleted the attached disk before the transfer was fully carried out.

"Now that it is possible to set a persistent disk to be auto-deleted when an instance is deleted, the persistent disk is automatically deleted before gcutil can take a persistent disk snapshot," Google explained. "This results in gcutil moveinstances erroneously and permanently deleting the disk(s) of instances that have enabled the auto-delete feature, without first creating a persistent disk snapshot."

In response to the email, one member of the support mailing list replied directly to Google with the words: "Shame on you!"

This bug will likely reaffirm the paranoia of admins who worry about the reliability of public clouds – after all, if an operator as sophisticated as Google is prone to gaffes like this, then who can you trust?

"This is as catastrophic an error in a public cloud platform as you can get," independent security researcher Kenn White told The Register.

White encapsulated the terror of the problem in a tweet, where he pointed out: "So I make an API call to move VMs w/ 'persistent' volumes and — depending on my command line client version — my VM is accidentally nuked?"

The disclosure of the grave error follows Google making a dramatic price cut to its Drive cloud storage systems ahead of an expected new fleet of cloud services that will launch on March 25.

The bug affected all versions of gcutil prior to version 1.14.2, which was just released and people should upgrade to it, Google said. A spokeswoman added:

Yesterday we found a bug in our command-line tool and worked quickly to resolve the issue. Although we have not received any reports of this issue affecting users, we sent a proactive message immediately to alert our users to the potential issue, and to ask them to update the command line tool.

®

Eight steps to building an HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.