maas-proxy is an open proxy with no ACLs; it should add networks automatically
Bug #1379567 reported by
James Troup
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
Critical
|
LaMont Jones | ||
maas (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
maas-proxy listens on all interfaces and has no ACLs, i.e. it's an
open proxy:
| root@gremlin:
| tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 30951/squid3
| root@gremlin:
| acl localnet src all # TODO: We should auto-generate this with the networks MAAS manages/knows about.
| http_access allow localnet
| root@gremlin:
This isn't reasonable behaviour, IMO.
Related branches
lp:~lamont/maas/create-maas-proxy.conf-packaging
- Andres Rodriguez (community): Approve
-
Diff: 163 lines (+18/-52)9 files modifieddebian/changelog (+2/-0)
debian/extras/maas-proxy-common.sh (+1/-1)
debian/extras/maas-proxy.conf (+0/-40)
debian/maas-proxy.dirs (+1/-0)
debian/maas-proxy.install (+0/-1)
debian/maas-proxy.logrotate (+1/-1)
debian/maas-proxy.maas-proxy.service (+2/-2)
debian/maas-proxy.postinst (+10/-6)
debian/maas-proxy.postrm (+1/-1)
tags: | added: canonical-is |
no longer affects: | maas |
tags: | added: canonical-bootstack |
Changed in maas: | |
milestone: | none → 1.7.2 |
importance: | Undecided → Critical |
Changed in maas: | |
milestone: | 1.7.2 → 1.7.3 |
Changed in maas: | |
milestone: | 1.7.3 → 1.9.0 |
importance: | Critical → Wishlist |
status: | New → Triaged |
summary: |
- maas-proxy is an open proxy with no ACLs and listening on all interfaces + maas-proxy is an open proxy with no ACLs; it should add networks + automatically |
Changed in maas: | |
milestone: | 1.9.0 → 2.0.0 |
importance: | Wishlist → Critical |
Changed in maas: | |
assignee: | nobody → LaMont Jones (lamont) |
Changed in maas: | |
status: | Triaged → In Progress |
tags: | added: hwcert-server |
Changed in maas: | |
status: | In Progress → Fix Committed |
Changed in maas (Ubuntu Trusty): | |
status: | New → Won't Fix |
tags: | removed: hwcert-server |
Changed in maas: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.