openstack-manuals

grizzly: swift Remove IP-based container-sync ACLs from auth middlewares.

Bug #1087058 reported by Tom Fifield
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Tom Fifield
openstack-manuals grizzly

Bug Description

https://review.openstack.org/16358 introduced changes to the way container-sync works in swift:

    The determination of the client IP looked at the X-Cluster-Client-Ip
    and X-Forwarded-For headers in the incoming HTTP request. This is
    trivially spoofable by a malicious client, so there's no security
    gained by having the check there.

    Worse, having the check there provides a false sense of security to
    cluster operators. It sounds like it's based on the client IP, so an
    attacker would have to do IP spoofing to defeat it. However, it's
    really just a shared secret, and there's already a secret key set
    up. Basically, it looks like 2-factor auth (IP+key), but it's really
    1-factor (key).

    Now, the one case where this might provide some security is where the
    Swift cluster is behind an external load balancer that strips off the
    X-Cluster-Client-Ip and X-Forwarded-For headers and substitutes its
    own. I don't think it's worth the tradeoff, hence this commit.

Tags: swift
Tom Fifield (fifieldt)
Changed in openstack-manuals:
milestone: none → grizzly
status: New → Confirmed
importance: Undecided → Medium
tags: added: swift
Tom Fifield (fifieldt)
Changed in openstack-manuals:
assignee: nobody → Tom Fifield (fifieldt)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/19363

Revision history for this message
Tom Fifield (fifieldt) wrote :

https://review.openstack.org/19363

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/19363
Committed: http://github.com/openstack/openstack-manuals/commit/7408d3548e4335f5a5d1da31c2da2fd5d450cdd8
Submitter: Jenkins
Branch: master

commit 7408d3548e4335f5a5d1da31c2da2fd5d450cdd8
Author: Tom Fifield <email address hidden>
Date: Thu Jan 10 16:52:52 2013 +1100

    remove allowed_sync_hosts option

    fixes bug 1087058

    This option was removed in grizzly as it provided little security.

    Change-Id: I7548d55c63467b06e58a7a7ee1e6e8557b389f4a

Changed in openstack-manuals:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.