I don't see this as exploitable, as you'd have to locally control the environment for the keystone user, which means control of that user which means pretty much controlling Keystone anyway ?
Fully agree that we can strengthen that part to avoid it being monkeyed with in the future. With your permission, I'd open this bug publicly and let it be strengthened in public patches.
I don't see this as exploitable, as you'd have to locally control the environment for the keystone user, which means control of that user which means pretty much controlling Keystone anyway ?
Fully agree that we can strengthen that part to avoid it being monkeyed with in the future. With your permission, I'd open this bug publicly and let it be strengthened in public patches.