P3A subscribers can obtain the buildd_secret
Bug #600910 reported by William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | Fix Released | High | Colin Watson |
Bug Description
Since users now hold launchpad.View over their subscribed P3As, they can add them as dependencies and fire off a build, easily obtaining the buildd secret for any subscribed archive. Revoking their subscription will then not be effective, as they can simply use the internal buildd credentials.
OEM Services currently use the buildd credentials for a mission critical system. However as of March 2011 they have prioritised (over the next 2-3 months) transitioning to regular subscribers rather than the use of the buildd_secret. This bug is deferred until they complete that transition: check with them at the end of May 2011 to confirm they are no longer using the buildd secret.
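A minimal model of the flaw described above and of one mitigation pattern, added here as an illustration; it is not Launchpad code. The class and method names are hypothetical, and the HMAC token is a simple stand-in for the macaroons that the related branch names on this page refer to.

```python
import hashlib
import hmac

# Constructed model for illustration; all names are hypothetical.
class SharedSecretArchive:
    """Weak design: one static credential handed to every build."""
    def __init__(self, secret):
        self.secret = secret
        self.subscribers = set()

    def credential_for_build(self, requester):
        # A subscriber's build gets the same long-lived secret as every other build.
        if requester not in self.subscribers:
            raise PermissionError(requester)
        return self.secret

    def authorize(self, credential):
        # Not tied to a user or a build, so revoking a subscription changes nothing.
        return hmac.compare_digest(credential.encode(), self.secret.encode())

class PerBuildTokenArchive:
    """Hardened design: token bound to archive, build id and expiry."""
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.subscribers, self.active_builds = set(), set()

    def _mac(self, build_id, expires):
        msg = f"{self.name}|{build_id}|{expires}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def credential_for_build(self, requester, build_id, now, ttl=3600):
        if requester not in self.subscribers:
            raise PermissionError(requester)
        self.active_builds.add(build_id)
        expires = now + ttl
        return f"{build_id}|{expires}|{self._mac(build_id, expires)}"

    def finish_build(self, build_id):
        self.active_builds.discard(build_id)

    def authorize(self, token, now):
        try:
            build_id, expires, mac = token.split("|")
            expires = int(expires)
        except ValueError:
            return False
        good = hmac.compare_digest(mac.encode(), self._mac(build_id, expires).encode())
        # Valid only while the named build is still running and unexpired.
        return good and now < expires and build_id in self.active_builds
```

In the first class the credential outlives both the build and the subscription; in the second it stops working as soon as the build finishes or the expiry passes.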
Related branches
~cjwatson/launchpad:merge-db-stable
Merged into launchpad:master
- Colin Watson (community): Approve
Diff: 15 lines (+9/-0), 1 file modified
database/schema/patch-2210-32-0.sql (+9/-0)
~cjwatson/launchpad:remove-buildd-secret
Merged into launchpad:master
- Cristian Gonzalez (community): Approve
Diff: 493 lines (+39/-146), 19 files modified
lib/lp/archivepublisher/tests/test_config.py (+0/-1)
lib/lp/archiveuploader/tests/test_ppauploadprocessor.py (+0/-2)
lib/lp/buildmaster/tests/test_packagebuild.py (+0/-1)
lib/lp/registry/browser/tests/test_person.py (+0/-1)
lib/lp/registry/model/distributionsourcepackage.py (+1/-1)
lib/lp/registry/vocabularies.py (+1/-1)
lib/lp/soyuz/browser/tests/archive-views.txt (+9/-9)
lib/lp/soyuz/browser/tests/test_archive_admin_view.py (+1/-3)
lib/lp/soyuz/configure.zcml (+1/-1)
lib/lp/soyuz/doc/archive.txt (+0/-4)
lib/lp/soyuz/interfaces/archive.py (+0/-5)
lib/lp/soyuz/model/archive.py (+8/-27)
lib/lp/soyuz/scripts/expire_archive_files.py (+1/-1)
lib/lp/soyuz/tests/test_archive.py (+0/-50)
lib/lp/soyuz/tests/test_archive_privacy.py (+0/-10)
lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py (+1/-1)
lib/lp/soyuz/xmlrpc/archive.py (+16/-17)
lib/lp/soyuz/xmlrpc/tests/test_archive.py (+0/-10)
lib/lp/testing/factory.py (+0/-1)
~cjwatson/launchpad:db-remove-buildd-secret
Merged into launchpad:db-devel
- William Grant (community): Approve (db)
- Cristian Gonzalez (community): Approve
Diff: 15 lines (+9/-0), 1 file modified
database/schema/patch-2210-32-0.sql (+9/-0)
~cjwatson/launchpad:filemap-issue-macaroons
Merged into launchpad:master
- Thiago F. Pappacena (community): Approve
Diff: 191 lines (+42/-16), 4 files modified
lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py (+3/-2)
lib/lp/buildmaster/model/buildfarmjobbehaviour.py (+3/-2)
lib/lp/soyuz/model/binarypackagebuildbehaviour.py (+7/-3)
lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py (+29/-9)
~cjwatson/launchpad:issue-private-archive-macaroons
Merged into launchpad:master
- Ioana Lasc (community): Approve
Diff: 402 lines (+147/-24), 10 files modified
lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py (+9/-0)
lib/lp/buildmaster/model/buildfarmjobbehaviour.py (+4/-0)
lib/lp/oci/model/ocirecipebuildbehaviour.py (+9/-5)
lib/lp/snappy/model/snapbuildbehaviour.py (+8/-4)
lib/lp/snappy/tests/test_snapbuildbehaviour.py (+55/-0)
lib/lp/soyuz/adapters/archivedependencies.py (+11/-8)
lib/lp/soyuz/model/binarypackagebuildbehaviour.py (+10/-0)
lib/lp/soyuz/model/livefsbuildbehaviour.py (+9/-0)
lib/lp/soyuz/tests/test_archive.py (+29/-7)
system-packages.txt (+3/-0)
~cjwatson/launchpad:verify-archive-macaroons
Merged into launchpad:master
- Thiago F. Pappacena (community): Approve
Diff: 140 lines (+83/-1), 2 files modified
lib/lp/soyuz/xmlrpc/archive.py (+36/-1)
lib/lp/soyuz/xmlrpc/tests/test_archive.py (+47/-0)
~cjwatson/launchpad:livefsbuild-macaroons
Merged into launchpad:master
- Thiago F. Pappacena (community): Approve
Diff: 394 lines (+251/-4), 5 files modified
lib/lp/services/authserver/interfaces.py (+3/-3)
lib/lp/services/authserver/xmlrpc.py (+5/-1)
lib/lp/soyuz/configure.zcml (+8/-0)
lib/lp/soyuz/model/livefsbuild.py (+81/-0)
lib/lp/soyuz/tests/test_livefsbuild.py (+154/-0)
~cjwatson/launchpad:bpb-macaroons-via-authserver
Merged into launchpad:master
- Thiago F. Pappacena (community): Approve
Diff: 122 lines (+26/-12), 4 files modified
lib/lp/services/authserver/interfaces.py (+5/-4)
lib/lp/services/authserver/xmlrpc.py (+6/-1)
lib/lp/soyuz/model/binarypackagebuild.py (+1/-0)
lib/lp/soyuz/tests/test_binarypackagebuild.py (+14/-7)
~cjwatson/launchpad:bpb-snapbuild-archive-macaroons
Merged into launchpad:master
- Thiago F. Pappacena (community): Approve
Diff: 295 lines (+142/-28), 4 files modified
lib/lp/snappy/model/snapbuild.py (+29/-10)
lib/lp/snappy/tests/test_snapbuild.py (+40/-1)
lib/lp/soyuz/model/binarypackagebuild.py (+36/-16)
lib/lp/soyuz/tests/test_binarypackagebuild.py (+37/-1)
Changed in soyuz:
status: New → Triaged
importance: Undecided → High
tags: added: p3a ppa
tags: added: oem-services
summary:
- P3A subscription revocation no longer particularly effective
+ P3A subscribers can obtain the buildd_secret
description: updated
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Colin Watson (cjwatson)
Changed in launchpad:
status: In Progress → Fix Committed
On Friday 25 February 2011 20:19:05 Robert Collins wrote:
> + OEM Services currently use the buildd credentials for a mission critical
> + system. However as of March 2011 they have prioritised (over the next
> + 2-3 months) transitioning to regular subscribers rather than the use of
> + the buildd_secret. This bug is deferred until they complete that
> + transition : check with them at the end of May 2011 to confirm they are
> + no longer using the buildd secret.
Rob, this bug is nothing to do with that, it's about a *subscriber* getting
the buildd_secret when they should not be able to.
OEM can get it via the +admin screen and indeed that's how they do it.
This bug is a security risk for all private PPAs with subscribers.