Feeds

'Catastrophic' server disk-destroying glitch menaced Google cloud

'Shame on you!' screams one developer as race-condition bug discovered

Top 5 reasons to deploy VMware with Tegile

Google has squashed a bug in its public cloud that threatened to accidentally delete users' virtual disks – an error so serious that one security researcher termed it potentially "catastrophic".

The web king today admitted that one of its server migration commands could have "erroneously and permanently" deleted persistent disks attached to virtual instances; the admission was sent out in an email from the Google Compute Engine Team to users of the service on Friday. Coincidentally, Google only just updated its persistent disk feature on Tuesday.

Today's email read:

We discovered a serious issue with the gcutil moveinstances command: with the release of the new auto-delete feature for persistent disks, there is an unintended interaction that can result in accidental deletion of the disk(s) of the instance being moved.

What this means is that if a cloud user enabled auto-delete on a persistent disk in their Google server storage, then moved a virtual server via the command-line management tool gcutil to another Google data center, the system may have accidentally deleted the attached disk before the transfer was fully carried out.

"Now that it is possible to set a persistent disk to be auto-deleted when an instance is deleted, the persistent disk is automatically deleted before gcutil can take a persistent disk snapshot," Google explained. "This results in gcutil moveinstances erroneously and permanently deleting the disk(s) of instances that have enabled the auto-delete feature, without first creating a persistent disk snapshot."

In response to the email, one member of the support mailing list replied directly to Google with the words: "Shame on you!"

This bug will likely reaffirm the paranoia of admins who worry about the reliability of public clouds – after all, if an operator as sophisticated as Google is prone to gaffes like this, then who can you trust?

"This is as catastrophic an error in a public cloud platform as you can get," independent security researcher Kenn White told The Register.

White encapsulated the terror of the problem in a tweet, where he pointed out: "So I make an API call to move VMs w/ 'persistent' volumes and — depending on my command line client version — my VM is accidentally nuked?"

The disclosure of the grave error follows Google making a dramatic price cut to its Drive cloud storage systems ahead of an expected new fleet of cloud services that will launch on March 25.

The bug affected all versions of gcutil prior to version 1.14.2, which was just released and people should upgrade to it, Google said. A spokeswoman added:

Yesterday we found a bug in our command-line tool and worked quickly to resolve the issue. Although we have not received any reports of this issue affecting users, we sent a proactive message immediately to alert our users to the potential issue, and to ask them to update the command line tool.

®

Choosing a cloud hosting partner with confidence

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.