
yahoo-eng-team team mailing list archive

[Bug 1334196] Re: User may be able to set 'system' style swift location


Reviewed:  https://review.openstack.org/127540
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=c0d90a580f87dbbf71e3a5d5c1b5cf8d7c7245b2
Submitter: Jenkins
Branch:    proposed/juno

commit c0d90a580f87dbbf71e3a5d5c1b5cf8d7c7245b2
Author: Stuart McLaren <stuart.mclaren@xxxxxx>
Date:   Wed Jul 16 13:33:32 2014 +0000

    Prevent setting swift+config locations
    
    Forbid setting 'swift+config' locations in a similar
    manner to 'file' for security reasons; knowledge of
    the reference name should not be exploitable.
    
    Setting swift+config had been prevented when swift
    was the default store; this patch changes to forbid
    setting no matter which store is the default.
    
    As with change id I75af34145521f533dcd6f5fd7690f5a68f3b44b3
    this is v1 only for now.
    
    Change-Id: I62c4980bd5c2f3dd77fc40cd007bc1067eca63a4
    Closes-bug: 1334196


** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1334196

Title:
  User may be able to set 'system' style swift location

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  This change:

  https://review.openstack.org/#/c/98722/

  Introduces a new system style swift scheme: swift+config

  A new function "validate_location" verifies that that scheme is not being set by a user
  when using the 'set location' functionality.

  However, that function will only perform that check if the default backend is swift.
  If the swift store is enabled but the default store is 'ceph', say, then the base
  version of that function (which performs no checking) will be called.

  I think 'validate_location' should probably be removed and a check against 'swift+config' should
  be performed in _validate_source, in the same way as 'file' is checked there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1334196/+subscriptions
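The following is an added example written for this archive page; it is not Glance's code and not the patch linked above. It puts the store-dependent check the bug report describes (a scheme rule that only the swift backend's validator applies, so it is skipped when another store is the default) beside a store-independent check that rejects the privileged 'file' and 'swift+config' schemes for every user-supplied location. All function names, the deny list, and the sample URIs are assumptions made for the example.

```python
"""Added example (not Glance's code): validating user-supplied image
locations so that operator-only URI schemes cannot be set through the
v1 'set location' API, regardless of which store is the default.
All function names and sample URIs here are hypothetical."""
from urllib.parse import urlparse

# Schemes a user must not be allowed to set: 'file' names a path on the
# API node, 'swift+config' names operator-side credentials by reference.
FORBIDDEN_SCHEMES = frozenset({"file", "swift+config"})


class BadStoreUri(ValueError):
    """Raised when a user-supplied location is not permitted."""


def validate_location_weak(location, default_store):
    """The flawed shape described in the bug report (hypothetical): the
    swift+config rule lives in the swift backend's validator, so it only
    runs when swift is the default store. With any other default the base
    validator, which checks nothing, is used and the location passes."""
    scheme = urlparse(location).scheme
    if default_store == "swift" and scheme == "swift+config":
        raise BadStoreUri("swift+config locations cannot be set by users")
    return scheme


def validate_source(location):
    """Store-independent check (hypothetical equivalent of the fix): the
    scheme is parsed once and compared against the deny list no matter
    which backend is configured as the default. urlparse lowercases the
    scheme, so 'FILE://...' is caught as well."""
    scheme = urlparse(location).scheme
    if scheme in FORBIDDEN_SCHEMES:
        raise BadStoreUri("%r scheme locations cannot be set by users" % scheme)
    return scheme


def is_accepted(validator, location, *args):
    """True when the given validator lets the location through."""
    try:
        validator(location, *args)
    except BadStoreUri:
        return False
    return True
```

The store-independent form is the one a reviewer should expect: a deny rule for a URI scheme belongs at the point where every user-supplied location passes, not inside one backend's plugin, because the rule must hold even when that backend is enabled but not the default.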

