context.elevated: copy.copy causes admin role leak
Bug #1386932 reported by
Amir Sadoughi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
High
|
Jay Bryant | ||
OpenStack Compute (nova) |
Fix Released
|
High
|
Matthew Gilliard | ||
Liberty |
Fix Released
|
High
|
Matt Riedemann | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Shared File Systems Service (Manila) |
Fix Released
|
High
|
Valeriy Ponomaryov | ||
neutron |
Fix Released
|
Undecided
|
Ann Taraday | ||
Juno |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
In neutron/context.py,
```
context = copy.copy(self)
if 'admin' not in [x.lower() for x in context.roles]:
```
copy.copy should be replaced by copy.deepcopy such that the list reference is not shared between objects. From my cursory search on github this also affects cinder, gantt, nova, neutron, and manila.
Changed in cinder: | |
status: | New → Confirmed |
Changed in manila: | |
assignee: | nobody → Valeriy Ponomaryov (vponomaryov) |
information type: | Private Security → Public |
Changed in neutron: | |
assignee: | nobody → Ann Kamyshnikova (akamyshnikova) |
Changed in manila: | |
status: | New → In Progress |
importance: | Undecided → High |
Changed in nova: | |
assignee: | nobody → Matthew Gilliard (matthew-gilliard-u) |
Changed in nova: | |
importance: | Undecided → High |
Changed in cinder: | |
milestone: | none → kilo-1 |
Changed in cinder: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
Changed in manila: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | kilo-1 → 2015.1.0 |
Changed in neutron: | |
milestone: | kilo-1 → 2015.1.0 |
Changed in cinder: | |
milestone: | kilo-1 → 2015.1.0 |
Changed in manila: | |
milestone: | kilo-1 → 2015.1.0 |
To post a comment you must log in.
I wonder if there are features that rely on this bug since it's been in the code for a while.