← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #52427

[Bug 1593177] [NEW] The default policy should be admin

  Thread PreviousDate PreviousThread Next 
Public bug reported:

From: https://review.openstack.org/#/c/309346/

"
I investigated the behaviour of the policy file when various policies are removed.

A completely empty policy file will return a 403 Forbidden. As the user
will not match with any of the policies.

However, because glance has the policy ``default: ""``. It means that any policy that is not explicitly stated in the the policy.json, is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it.
"
Therefore we should change ``"default": "",`` to ``"default": "role:admin",``. To make sure that members don't inherit policies that they shouldn't in the future. From a operators perspective it should be more secure to have an opt-in rather than opt-out.

** Affects: glance
     Importance: Undecided
     Assignee: Niall Bunting (niall-bunting)
         Status: In Progress

** Changed in: glance
     Assignee: (unassigned) => Niall Bunting (niall-bunting)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1593177

Title:
  The default policy should be admin

Status in Glance:
  In Progress

Bug description:
  From: https://review.openstack.org/#/c/309346/

  "
  I investigated the behaviour of the policy file when various policies are removed.

  A completely empty policy file will return a 403 Forbidden. As the
  user will not match with any of the policies.

  However, because glance has the policy ``default: ""``. It means that any policy that is not explicitly stated in the the policy.json, is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it.
  "
  Therefore we should change ``"default": "",`` to ``"default": "role:admin",``. To make sure that members don't inherit policies that they shouldn't in the future. From a operators perspective it should be more secure to have an opt-in rather than opt-out.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1593177/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next