yahoo-eng-team team mailing list archive
Message #20064
[Bug 1347909] Re: Trust unit tests should target additional threat scenarios
** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => juno-3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347909
Title:
Trust unit tests should target additional threat scenarios
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
During the OpenStack Security Group Juno midcycle, some threat
modelling work around Keystone trusts identified some threat scenarios
that the existing unit tests do not cover. It should be made clear
that these scenarios are handled correctly by Keystone from a security
standpoint, but tests should be added to protect against regressions
in these security sensitive areas.
Scenario 1:
-------------
The first scenario is related to deletion of a grant that has been previously delegated via a trust. We need to ensure that executing a trust for a role that the trustor no longer has is rejected. For example, consider the following chain of events:
- User A is granted 'somerole' on 'someproject'.
- User A creates a trust to delegate 'somerole' on 'someproject' to User B.
- The grant for 'somerole' on 'someproject' for user A is deleted.
- User B attempts to execute the trust, which should be rejected.
Scenario 2:
-------------
The second scenario is related to an attempt to use a trust token with impersonation to execute another trust as the impersonated user. We need to ensure that a trust token can't be used to execute another trust. For example, consider the following chain of events:
- User A creates a trust to delegate some roles to User B.
- User B creates a trust to delegate some roles to User C.
- User C successfully executes the trust to impersonate User B.
- User C uses the trust token that impersonates User B to attempt to execute the trust created by User A, which should be rejected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347909/+subscriptions
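The two scenarios above read naturally as regression tests. The following is an added example that is not part of the bug report or of Keystone's code: a small in-memory model of role assignments, trusts and tokens, with an `execute_trust` check that enforces both rules (the trustor must still hold every delegated role, and a trust-scoped token may not be used to execute another trust). All class and function names, the user and project names, and the rule that a trust can only be created for roles the trustor currently holds are assumptions of this model, not statements about Keystone's implementation.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


class TrustError(Exception):
    """Raised when a trust operation must be rejected."""


@dataclass
class Trust:
    trust_id: str
    trustor: str            # user delegating the roles
    trustee: str            # user allowed to execute the trust
    project: str
    roles: FrozenSet[str]
    impersonation: bool = False


@dataclass
class Token:
    user: str                          # user the token acts as
    project: Optional[str] = None
    roles: FrozenSet[str] = frozenset()
    trust_id: Optional[str] = None     # set only when obtained by executing a trust


class IdentityModel:
    """Constructed stand-in for the parts of an identity service the two scenarios touch."""

    def __init__(self) -> None:
        self.assignments: Dict[Tuple[str, str], Set[str]] = {}  # (user, project) -> roles
        self.trusts: Dict[str, Trust] = {}

    def grant(self, user: str, project: str, role: str) -> None:
        self.assignments.setdefault((user, project), set()).add(role)

    def revoke(self, user: str, project: str, role: str) -> None:
        self.assignments.get((user, project), set()).discard(role)

    def create_trust(self, trust_id: str, trustor: str, trustee: str, project: str,
                     roles, impersonation: bool = False) -> Trust:
        roles = frozenset(roles)
        # Assumption of this model: roles can only be delegated if the trustor holds them now.
        if not roles <= self.assignments.get((trustor, project), set()):
            raise TrustError("trustor does not hold all roles being delegated")
        trust = Trust(trust_id, trustor, trustee, project, roles, impersonation)
        self.trusts[trust_id] = trust
        return trust

    def execute_trust(self, token: Token, trust_id: str) -> Token:
        trust = self.trusts[trust_id]
        # Scenario 2: a token that was itself obtained through a trust may not execute
        # another trust, regardless of which user it impersonates.
        if token.trust_id is not None:
            raise TrustError("a trust-scoped token cannot be used to execute another trust")
        if token.user != trust.trustee:
            raise TrustError("only the trustee may execute this trust")
        # Scenario 1: every delegated role must still be held by the trustor at execution time.
        missing = trust.roles - self.assignments.get((trust.trustor, trust.project), set())
        if missing:
            raise TrustError(f"trustor no longer holds {sorted(missing)}")
        acting_as = trust.trustor if trust.impersonation else trust.trustee
        return Token(user=acting_as, project=trust.project, roles=trust.roles, trust_id=trust_id)


def happy_path() -> list:
    """Trust executed while the grant is intact: returns the roles carried by the trust token."""
    m = IdentityModel()
    m.grant("A", "someproject", "somerole")
    m.create_trust("t1", "A", "B", "someproject", {"somerole"})
    return sorted(m.execute_trust(Token(user="B"), "t1").roles)


def scenario_1() -> str:
    """Grant deleted after delegation; executing the trust must be rejected."""
    m = IdentityModel()
    m.grant("A", "someproject", "somerole")
    m.create_trust("t1", "A", "B", "someproject", {"somerole"})
    m.revoke("A", "someproject", "somerole")
    try:
        m.execute_trust(Token(user="B"), "t1")
    except TrustError:
        return "rejected"
    return "allowed"


def scenario_2() -> str:
    """Impersonating trust token used to execute a second trust; must be rejected."""
    m = IdentityModel()
    m.grant("A", "p", "r1")
    m.grant("B", "p", "r2")
    m.create_trust("tA", "A", "B", "p", {"r1"})
    m.create_trust("tB", "B", "C", "p", {"r2"}, impersonation=True)
    token_as_b = m.execute_trust(Token(user="C"), "tB")  # C now holds a token acting as B
    try:
        m.execute_trust(token_as_b, "tA")
    except TrustError:
        return "rejected"
    return "allowed"
```

Each scenario function returns `"rejected"` when the model behaves as the bug report requires; a regression that dropped either check would make the corresponding function return `"allowed"`, which is exactly the signal a unit test for these cases should assert on.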