← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #20064

[Bug 1347909] Re: Trust unit tests should target additional threat scenarios

  Thread PreviousDate PreviousThread Next 
** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => juno-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347909

Title:
  Trust unit tests should target additional threat scenarios

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  During the OpenStack Security Group Juno midcycle, some threat
  modelling work around Keystone trusts identified some threat scenarios
  that the existing unit tests do not cover.  It should be made clear
  that these scenarios are handled correctly by Keystone form a security
  standpoint, but tests should be added to protect against regressions
  in these security sensitive areas.

  Scenario 1:
  -------------
  The first scenario is related to deletion of a grant that has been previously delegated via a trust.  We need to ensure that executing a trust for a role that the trustor no longer has is rejected.  For example, consider the following chain of events:

  - User A is granted 'somerole' on 'someproject'.
  - User A creates a trust to delegate 'somerole' on 'someproject' to User B.
  - The grant for 'somerole' on 'someproject' for user A is deleted.
  - User B attempts to execute the trust, which should be rejected.

  
  Scenario 2:
  -------------
  The second scenario is related to an attempt to use a trust token with impersonation to execute another trust as the impersonated user.  We need to ensure that a trust token can't be used to execute another trust.  For example, consider the following chain of events:

  - User A creates a trust to delegate some roles to User B.
  - User B creates a trust to delegate some roles to User C.
  - User C successfully executes the trust to impersonate User B.
  - User C uses the trust token that impersonates User B to attempt to execute the trust created by User A, which should be rejected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347909/+subscriptions

References

  Thread PreviousDate PreviousThread Next