'Catastrophic' server disk-destroying glitch menaced Google cloud

Google has squashed a bug in its public cloud that threatened to accidentally delete users' virtual disks – an error so serious that one security researcher termed it potentially "catastrophic".

The web king today admitted that one of its server migration commands could have "erroneously and permanently" deleted persistent disks attached to virtual instances; the admission was sent out in an email from the Google Compute Engine Team to users of the service on Friday. Coincidentally, Google only just updated its persistent disk feature on Tuesday.

Today's email read:

We discovered a serious issue with the gcutil moveinstances command: with the release of the new auto-delete feature for persistent disks, there is an unintended interaction that can result in accidental deletion of the disk(s) of the instance being moved.

What this means is that if a cloud user enabled auto-delete on a persistent disk in their Google server storage, then moved a virtual server via the command-line management tool gcutil to another Google data center, the system may have accidentally deleted the attached disk before the transfer was fully carried out.

"Now that it is possible to set a persistent disk to be auto-deleted when an instance is deleted, the persistent disk is automatically deleted before gcutil can take a persistent disk snapshot," Google explained. "This results in gcutil moveinstances erroneously and permanently deleting the disk(s) of instances that have enabled the auto-delete feature, without first creating a persistent disk snapshot."

In response to the email, one member of the support mailing list replied directly to Google with the words: "Shame on you!"

This bug will likely reaffirm the paranoia of admins who worry about the reliability of public clouds – after all, if an operator as sophisticated as Google is prone to gaffes like this, then who can you trust?

"This is as catastrophic an error in a public cloud platform as you can get," independent security researcher Kenn White told The Register.

White encapsulated the terror of the problem in a tweet, where he pointed out: "So I make an API call to move VMs w/ 'persistent' volumes and — depending on my command line client version — my VM is accidentally nuked?"

The disclosure of the grave error follows Google making a dramatic price cut to its Drive cloud storage systems ahead of an expected new fleet of cloud services that will launch on March 25.

The bug affected all versions of gcutil prior to version 1.14.2, which was just released and people should upgrade to it, Google said. A spokeswoman added:

Yesterday we found a bug in our command-line tool and worked quickly to resolve the issue. Although we have not received any reports of this issue affecting users, we sent a proactive message immediately to alert our users to the potential issue, and to ask them to update the command line tool.

®