yahoo-eng-team team mailing list archive
Message #66443
[Bug 1669610] Re: Insecure defaults for `openstack security group rule create`
[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1669610
Title:
Insecure defaults for `openstack security group rule create`
Status in neutron:
Expired
Status in python-openstackclient:
Incomplete
Bug description:
It's really easy to open up access to anyone by mistake. If you supply
no options when creating a new rule, it defaults to allowing access to
all ports to any remote host.
I'm not sure what the right fix is, but I would expect that sort of
permissive access to be a bit harder to create.
# allow anyone to access any tcp port - so simple!
$ openstack security group rule create default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | None                                 |
| description       | None                                 |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 7d481fad-9b57-4e71-9d63-fbba895e1a6c |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | c6f313e10752449ea9b70acfba353c80     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | None                                 |
| security_group_id | a5fbd65f-e4da-47d3-90cb-8dfc81eccd66 |
| updated_at        | None                                 |
+-------------------+--------------------------------------+
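Added example, not part of the bug report or of any OpenStack code: a Python check that flags security group rules shaped like the one in the report (ingress, any remote host, no port range). Field names are taken from the table above; the helper names `is_wide_open` and `audit`, the rule ids and the sample rules are constructed for illustration.

```python
import ipaddress

def _val(rule, key):
    """Read a field, mapping the CLI table's printed 'None' to Python None."""
    value = rule.get(key)
    return None if value in (None, "", "None") else value

def is_wide_open(rule):
    """True for an ingress rule admitting any remote host on every TCP/UDP port."""
    if _val(rule, "direction") != "ingress":
        return False
    if _val(rule, "remote_group_id"):  # limited to members of another group
        return False
    prefix = _val(rule, "remote_ip_prefix")
    # Assumption: an unset prefix with no remote group matches any address.
    if prefix and ipaddress.ip_network(prefix, strict=False).prefixlen != 0:
        return False
    # Assumption: an unset protocol means any protocol.
    if _val(rule, "protocol") not in (None, "tcp", "udp"):
        return False
    lo, hi = _val(rule, "port_range_min"), _val(rule, "port_range_max")
    if lo is None or hi is None:
        return lo is None and hi is None  # no range at all: every port
    return int(lo) <= 1 and int(hi) >= 65535

def audit(rules):
    """Return the ids of wide-open rules, in input order."""
    return [r["id"] for r in rules if is_wide_open(r)]

# Constructed sample rules; rule-a mirrors the field values shown in the report.
SAMPLE_RULES = [
    {"id": "rule-a", "direction": "ingress", "protocol": "tcp", "port_range_min": "None",
     "port_range_max": "None", "remote_group_id": "None", "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-b", "direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_group_id": None, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "rule-c", "direction": "ingress", "protocol": "udp", "port_range_min": 1,
     "port_range_max": 65535, "remote_group_id": None, "remote_ip_prefix": "::/0"},
    {"id": "rule-d", "direction": "ingress", "protocol": "tcp", "port_range_min": None,
     "port_range_max": None, "remote_group_id": "sg-web", "remote_ip_prefix": None},
    {"id": "rule-e", "direction": "egress", "protocol": "tcp", "port_range_min": None,
     "port_range_max": None, "remote_group_id": None, "remote_ip_prefix": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```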