
yahoo-eng-team team mailing list archive

[Bug 1380669] Re: precreated router ports can enable cross tenant plugging


** Information type changed from Private Security to Public

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1380669

Title:
  precreated router ports can enable cross tenant plugging

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron icehouse series:
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  Previously we addressed the case where a tenant could attach a port
  to another tenant's router by knowing (or guessing) an existing router
  UUID [1].  The fix only prevents a tenant from attaching to existing
  routers, but does not defend against speculative router port creation.
  In systems where randomness is low, speculation of the result of
  uuid4() can allow a tenant to predict the ids of future routers
  enabling cross-tenant plugging since device_id is assumed to be
  trusted and queries are not scoped by tenant.

  The vulnerability was closed in Juno by the work to prevent orphaned
  ports [2].

  That fix for Icehouse cannot be backported since it adds new models
  and requires a database migration.  A separate fix will be proposed
  for Icehouse and regression tests will be proposed for Juno.

  [1] https://bugs.launchpad.net/neutron/+bug/1243327
  [2] https://bugs.launchpad.net/neutron/+bug/1378866

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1380669/+subscriptions
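The mechanism the report describes, as an added example that is not part of the original notification or of Neutron's own code: an in-memory toy of the port and router tables shows why the bug 1243327 check (refuse to attach to an existing router owned by someone else) cannot fire against a port created before the router exists, and why a lookup keyed only on the caller-supplied device_id then plugs the attacker's port into the victim's router. The tenant-scoped lookup is a generic hardening pattern used here for contrast, not the orphaned-port fix from bug 1378866. The uuid4() prediction itself is modelled by letting the caller supply the router id; the device_owner string, tenant names and the FakeDB class are assumptions for this example.

```python
import uuid
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed device_owner tag for router interface ports (illustration only).
ROUTER_INTERFACE = "network:router_interface"


@dataclass
class Port:
    id: str
    tenant_id: str
    device_id: str      # caller-supplied and trusted by the unscoped lookup below
    device_owner: str


@dataclass
class Router:
    id: str
    tenant_id: str


@dataclass
class FakeDB:
    """In-memory stand-in for the Neutron database (constructed for this example)."""
    ports: List[Port] = field(default_factory=list)
    routers: List[Router] = field(default_factory=list)

    def get_router(self, router_id: str) -> Optional[Router]:
        return next((r for r in self.routers if r.id == router_id), None)


def create_router(db: FakeDB, tenant_id: str, router_id: Optional[str] = None) -> Router:
    # router_id is normally uuid4(); the attack premise is that the attacker
    # guessed it, so the caller may supply it to model a correct guess.
    r = Router(id=router_id or str(uuid.uuid4()), tenant_id=tenant_id)
    db.routers.append(r)
    return r


def create_port(db: FakeDB, tenant_id: str, device_id: str, device_owner: str) -> Port:
    """Port creation with a check of the bug 1243327 kind: refuse to attach to an
    EXISTING router owned by another tenant. A router that does not exist yet passes."""
    owner = db.get_router(device_id)
    if owner is not None and owner.tenant_id != tenant_id:
        raise PermissionError("device_id belongs to another tenant's router")
    p = Port(id=str(uuid.uuid4()), tenant_id=tenant_id,
             device_id=device_id, device_owner=device_owner)
    db.ports.append(p)
    return p


def router_interfaces_unscoped(db: FakeDB, router_id: str) -> List[Port]:
    """Vulnerable shape: keyed only on device_id, which any tenant can set."""
    return [p for p in db.ports
            if p.device_id == router_id and p.device_owner == ROUTER_INTERFACE]


def router_interfaces_scoped(db: FakeDB, router: Router) -> List[Port]:
    """Hardened shape: additionally requires the port's tenant to match the router's."""
    return [p for p in db.ports
            if p.device_id == router.id and p.device_owner == ROUTER_INTERFACE
            and p.tenant_id == router.tenant_id]


def precreation_attack(predicted_router_id: str) -> dict:
    """Attacker creates a port for a router id that does not exist yet; the victim's
    router is then created with that id. Returns, per lookup shape, the tenants whose
    ports would be treated as interfaces of the victim's router."""
    db = FakeDB()
    # Step 1: no router with this id exists, so the existing-router check cannot fire.
    create_port(db, "tenant-attacker", predicted_router_id, ROUTER_INTERFACE)
    # Step 2: victim's router lands on the predicted id (the low-entropy uuid4 case).
    router = create_router(db, "tenant-victim", router_id=predicted_router_id)
    create_port(db, "tenant-victim", router.id, ROUTER_INTERFACE)
    return {
        "unscoped": sorted(p.tenant_id for p in router_interfaces_unscoped(db, router.id)),
        "scoped": sorted(p.tenant_id for p in router_interfaces_scoped(db, router)),
    }


def attack_after_router_exists() -> bool:
    """The earlier check does stop the non-speculative variant: returns True if an
    attach to an already-existing foreign router is refused."""
    db = FakeDB()
    router = create_router(db, "tenant-victim")
    try:
        create_port(db, "tenant-attacker", router.id, ROUTER_INTERFACE)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed "predicted" id standing in for a guessed uuid4() value.
    print(precreation_attack("11111111-2222-4333-8444-555555555555"))
    print("existing-router check blocks direct attach:", attack_after_router_exists())
```

The check in create_port is what the earlier fix gives you; the unscoped lookup result is what the report means by "device_id is assumed to be trusted and queries are not scoped by tenant". Any real remediation has to either stop the port from existing in that state (the orphaned-port approach taken in Juno) or stop the router-side query from honouring a foreign tenant's port.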