yahoo-eng-team team mailing list archive

[Jeremy Stanley <1986969@xxxxxxxxxxxxxxxxxx>]

Since this bug has been switched to Public Security, I've added an
incomplete security advisory task to track whether we'll need to publish
one.

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1986969

Title:
  Manually assign --device and --device-owner to a port does NOT binds
  the port inmediatly

Status in neutron:
  In Progress
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  This could be considered as a documentation bug.

  When a VM is created (there is a device ID), a user can create a port and assign the port device_id to the VM ID and the device_owner="compute:nova". That makes this port visible when executing:
    $ openstack port list --server serverID

  
  The port is not bound, of course. But when the VM is rebooted (hard reboot), the port is assigned and bound to this VM.

  There is another related issue from the administrator point of view. A user can assign (by mistake or coincidence) the device ID of another project VM ID. This non-admin user can't see the other project VM. But the administrator, when executing the previous command, will see a VM assigned to a project with a port from another. This scenario:
  * Is difficult to reproduce: the non-admin user must guess the VM ID of another project without having access.
  * Affect only to the admin view, who can access to both projects.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1986969/+subscriptions