Tenants can be created with invalid ids
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Won't Fix | Medium | Dolph Mathews |
Icehouse | Won't Fix | Medium | Unassigned |
Juno | Won't Fix | Medium | Unassigned |
OpenStack Security Advisory | Won't Fix | Medium | Unassigned |
Bug Description
When creating a new tenant, there is an optional argument 'id' that may be passed:
If not passed, this just creates a uuid and proceeds. If a value is passed, it will use that value. So a user with privileges to create a tenant can pass something like "../../../../../" as the id. If this is done, then the project can't be deleted without manually removing the value from the database. This can lead to a DoS that could fill the db and take down the cloud, in the worst of circumstances.
I believe the proper fix here would be to just remove this feature altogether. But this is because I'm not clear about why we would ever want to allow someone to set the id manually. If there's a valid use case here, then we should at least do some input validation.
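An added example, not keystone's code and not part of the report: one form the input validation suggested above could take, applied before a caller-supplied tenant id is stored. The names `resolve_project_id`, `InvalidProjectId` and `check_create_requests` are hypothetical, and the allowlist and 64-character limit are assumptions about what a safe id looks like.

```python
import re
import uuid

# Assumption: an id is later used as a single URL path segment and stored in
# a 64-character column, so only these characters and lengths are allowed.
_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidProjectId(ValueError):
    """Raised when a caller-supplied tenant id is rejected."""


def resolve_project_id(requested_id=None):
    """Return the id to store: a generated uuid, or a validated caller id."""
    if requested_id is None:
        return uuid.uuid4().hex  # default path: the server picks the id
    if not isinstance(requested_id, str):
        raise InvalidProjectId("id must be a string")
    # fullmatch (not match with "$") so a trailing newline cannot slip through
    if not _ID_RE.fullmatch(requested_id):
        raise InvalidProjectId("id must be 1-64 chars of [A-Za-z0-9_-]")
    return requested_id


def check_create_requests(bodies):
    """Validate create-tenant bodies; return (accepted_ids, rejected)."""
    accepted, rejected = [], []
    for body in bodies:
        try:
            accepted.append(resolve_project_id(body.get("id")))
        except InvalidProjectId as exc:
            rejected.append((body.get("id"), str(exc)))
    return accepted, rejected

# Constructed sample request bodies, not taken from the bug report.
SAMPLE_BODIES = [
    {"name": "no-id"},
    {"name": "hex-id", "id": "3f2b8c1d9e4a4f6b8a7c5d2e1f0a9b8c"},
    {"name": "traversal", "id": "../../../../../"},
    {"name": "empty", "id": ""},
    {"name": "too-long", "id": "a" * 65},
    {"name": "not-a-string", "id": 42},
]

if __name__ == "__main__":
    ok, bad = check_create_requests(SAMPLE_BODIES)
    print("accepted:", ok)
    for value, reason in bad:
        print("rejected:", repr(value), "-", reason)
```

Rejecting at create time keeps an unusable id out of the database, so no manual cleanup is needed afterwards.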
Changed in ossa:
status: Incomplete → Confirmed
importance: Undecided → Medium
description: updated
Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
importance: Undecided → Medium
status: New → Confirmed
information type: Private Security → Public
tags: added: security
Changed in ossa:
status: Confirmed → Won't Fix
tags: removed: icehouse-backport-potential
tags: removed: juno-backport-potential
Looks like that line of code hasn't been touched since before Icehouse.