Comment 18 for bug 1275062
Revision history for this message
| Stuart McLaren (stuart-mclaren) wrote Re: image location is logged when authentication to store fails | #18 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
A very minor nit on the description.
There are two flavours of Swift store: Single Tenant and Multi Tenant. Typically in the case of Multi Tenant no credentials are stored in the location field. If set_image_location is disabled by policy then there is no credentials leak for Multi Tenant mode. I wonder if something like the following should be considered:
"Only Glance setups which use the Swift store are affected. In the case of a Multi Tenant Swift "
"store where 'set_image_
"Swift store backend an attacker with access to the logs (local shell, log aggregation system access, "
"or accidental leak) may potentially leverage this vulnerability to elevate privileges and gain "
"full direct access to the Glance Swift store backend. In the case of both Single and Multi Tenant Swift "
"store backends where the set_image_location policy is not disabled, an attacker with access "
"to the logs may potentially access any credentials contained in locations which have "
"been explicitly set by any user. "