OpenStack Shared File Systems Service (Manila)

[db] default value for project_only allows non-secure access

Bug #1866951 reported by Goutham Pacha Ravi
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Triaged
Low
Goutham Pacha Ravi

Bug Description

In a multi-tenant environment, it is critical to have rule based access control tightened around project resources. While fixing two security bugs around loose RBAC [1][2], it was suggested that a fix be made to the base "model_query" to tighten the default value for "project_only" [3]. Setting project_only to "True" by default might prevent further transgressions as resources and APIs continue to be built.

[1] https://bugs.launchpad.net/bugs/1861485
[2] https://bugs.launchpad.net/manila/+bug/1654598
[3] https://opendev.org/openstack/manila/src/commit/947315f0903c823b0fdd9d99c60078814587272c/manila/db/sqlalchemy/api.py#L226-L246

Goutham Pacha Ravi (gouthamr)
Changed in manila:
assignee: nobody → Goutham Pacha Ravi (gouthamr)
Revision history for this message
Vida Haririan (vhariria) wrote :

Additional comments http://eavesdrop.openstack.org/meetings/manila/2020/manila.2020-03-12-15.01.log.html

Vida Haririan (vhariria)
Changed in manila:
importance: Medium → Low
Revision history for this message
Vida Haririan (vhariria) wrote :

See additional related discussions at https://meetings.opendev.org/meetings/manila/2023/manila.2023-03-23-15.00.log.html

Vida Haririan (vhariria)
Changed in manila:
status: New → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.