yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #29459
[Bug 1396544] Re: Default `target={}` value leaks into subsequent `policy.check()` calls
** Changed in: horizon/icehouse
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1396544
Title:
Default `target={}` value leaks into subsequent `policy.check()` calls
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Dashboard (Horizon) icehouse series:
Fix Released
Status in OpenStack Dashboard (Horizon) juno series:
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Due to mutable dictionary being used as the default `target` argument
value the first target calculated from scratch in POLICY_CHECK
function will be used for all subsequent calls to POLICY_CHECK with 2
arguments. The wrong `target` can either lead to a reduced set of
operations on an entity for a given user, or to enlarged one. The
latter case poses a security breach from an cloud operators' point of
view.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1396544/+subscriptions