Non-admin user can administer image cache
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
High
|
Brian Waldon |
Bug Description
The glance-cache-manage binary can be operated by anyone with valid keystone credentials.
Using a vanilla devstack setup, here are the credentials I get:
OS_PASSWORD=secrete
OS_AUTH_URL=http://
OS_USERNAME=demo
OS_TENANT_NAME=demo
With these creds, it appears I have full access to the cache management middleware through glance-
vagrant@
Found 1 cached images...
ID Last Accessed (UTC) Last Modified (UTC) Size Hits
-------
38895dc9-
vagrant@
Delete cached image 38895dc9-
vagrant@
No cached images.
This interface is designed to be used from remote hosts as well, so this creates a bit of a security issue. We should lock it down to just admins.
Changed in glance: | |
assignee: | nobody → Brian Waldon (bcwaldon) |
status: | Confirmed → In Progress |
Changed in glance: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | essex-rc1 → 2012.1 |
Just so I understand the impact correctly: is the cache management middleware active by default (or set active in default config files) ? What versions of Glance are exposed to this ?
I targeted to rc1 -- but it will only show in the subscribed people's list until we make it public.
Anyone working on a fix ? Please do not push to public review until we decide this should not be embargoed and coordinated between downstream stakeholders.