previous owner of node can use oauth creds to retrieve current owner's user-data
Bug #1507586 reported by Scott Moser
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MAAS | Fix Released | Critical | Gavin Panella |
Bug Description
Currently, maas has no separation between 'instance' and 'node'. There is no unique information per "instance".
Thus, if I:
a.) deploy a node
b.) read oauth credentials from that node
c.) return that node
I can read the user-data that the new owner provided. user-data might possibly contain sensitive information.
A secondary fallout of this is that if a node boots into an old installation, maas thinks it was deployed and marks it DEPLOYED.
Related bugs:
* bug 944325: no separation of instance id from node id
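A minimal model of the credential-lifetime problem described above, added here as an illustration; it is not MAAS code and not the change in the linked branch. The `MetadataService` class, its methods and the `rotate_on_release` switch are hypothetical names, and discarding the token on release is an assumed mitigation.

```python
import secrets


class MetadataService:
    """Constructed toy model, not MAAS code: per-node token guards user-data."""

    def __init__(self, rotate_on_release):
        self.rotate_on_release = rotate_on_release
        self.tokens = {}     # node_id -> metadata credential
        self.user_data = {}  # node_id -> current owner's user-data

    def deploy(self, node_id, user_data):
        # Reuses the node's existing token if one is still on record.
        token = self.tokens.setdefault(node_id, secrets.token_hex(16))
        self.user_data[node_id] = user_data
        return token  # readable by whoever holds the deployed node

    def release(self, node_id):
        self.user_data.pop(node_id, None)
        if self.rotate_on_release:
            # Hardened: the credential dies with the deployment.
            self.tokens.pop(node_id, None)

    def get_user_data(self, node_id, token):
        expected = self.tokens.get(node_id)
        if expected is None or not secrets.compare_digest(expected, token):
            raise PermissionError("token not valid for this node")
        return self.user_data[node_id]


def stale_token_accepted(rotate_on_release):
    """Return True if a token from a previous deployment still reads user-data."""
    svc = MetadataService(rotate_on_release)
    old_token = svc.deploy("node-1", "first owner's user-data")
    svc.release("node-1")
    new_token = svc.deploy("node-1", "second owner's user-data")
    # The current owner's own credential must always work.
    assert svc.get_user_data("node-1", new_token) == "second owner's user-data"
    try:
        svc.get_user_data("node-1", old_token)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("node-scoped token:", stale_token_accepted(False))
    print("deployment-scoped token:", stale_token_accepted(True))
```

The `stale_token_accepted` helper doubles as a regression check: it should stay `False` for any design where credentials are scoped to a deployment rather than to the node.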
Related branches
lp:~allenap/maas/node-oauth-creds
- Andres Rodriguez (community): Needs Information
- Blake Rouse (community): Approve
- Diff: 536 lines (+181/-72), 12 files modified
src/maasserver/models/interface.py (+19/-14)
src/maasserver/models/node.py (+12/-14)
src/maasserver/models/signals/__init__.py (+5/-3)
src/maasserver/models/signals/nodes.py (+37/-0)
src/maasserver/models/signals/tests/test_nodes.py (+74/-0)
src/maasserver/tests/test_commands_edit_named_options.py (+1/-1)
src/maasserver/tests/test_forms_nodegroup.py (+4/-0)
src/maasserver/utils/__init__.py (+0/-17)
src/maasserver/utils/tests/test_utils.py (+1/-17)
src/maasserver/websockets/tests/test_listener.py (+4/-0)
src/metadataserver/models/nodekey.py (+17/-6)
src/metadataserver/models/tests/test_nodekey.py (+7/-0)
summary:
- previous occupent of node can use oauth creds to retrieve current
- owner's user-data
+ previous owner of node can use oauth creds to retrieve current owner's
+ user-data
Changed in maas:
status: New → Triaged
importance: Undecided → High
milestone: none → 1.9.0
Changed in maas:
importance: High → Critical
description: updated
Changed in maas:
assignee: nobody → Gavin Panella (allenap)
status: Triaged → In Progress
Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released