[ome-users] [ome-devel] Alert: data loss with OMERO's cleanse function

Helen Flynn (Staff) h.flynn at dundee.ac.uk
Fri May 27 17:27:46 BST 2016


Dear All,

See http://www.openmicroscopy.org/site/products/omero/secvuln/2016-SV1-cleanse for a link to a server patch to resolve this issue. OMERO version 5.2.4 will be released containing this patch asap.

Regards,

The OME Team


Dr Helen Flynn
OME Technical Writer
Centre for Gene Regulation & Expression
Open Microscopy Environment
University of Dundee
http://openmicroscopy.org

On 26 May 2016, at 14:56, Helen Flynn (Staff) <h.flynn at dundee.ac.uk> wrote:

Dear All,

Today we confirmed that the cleanse.py script which is used by the "bin/omero admin cleanse" command can lead to data loss.

If the cleanse.py script is run by an operating system user who has permission to delete from the filesystem used for OMERO's binary repository but who is logged into OMERO as a non-administrative user (not a member of the OMERO "system" group) then the cleanse operation will *delete* other users' images, attachments, and other files that the OMERO user does not have permission to access.

We are actively working on a fix and we sincerely apologize for our critical error in this regard. The OMERO 5.2.3 documentation will be updated in the meantime to add warnings.

If you have run the "cleanse" function recently *as a non-administrative OMERO user* then please get in touch with us by the usual means for advice on how best to restore lost data from backups into your current OMERO system.

We are not aware of any problem with "cleanse" when run as an OMERO administrative user such as "root". However, before running destructive operations, always first back up your data and use cleanse's --dry-run option to check that what it plans to delete is appropriate.

We are most grateful to Carnë Draug for bringing this serious problem to our attention.

Regards,

The OME Team

Dr Helen Flynn
OME Technical Writer
Centre for Gene Regulation & Expression
Open Microscopy Environment
University of Dundee
http://openmicroscopy.org


The University of Dundee is a registered Scottish Charity, No: SC015096