Notifications should not include auth token

Bug #1072669 reported by Sandy Walsh
Affects: oslo.messaging | Status: Expired | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

The auth token is part of the context and is being included in all Event Notifications. Exposing the auth token is a potential security risk. It should be stripped out before sending the event.

Tags: security
Thierry Carrez (ttx) wrote :

Just for my information (and please excuse my ignorance), who actually gets notified in events?
Trying to see if that could be exploited the way it is, or if it's just a welcome security strengthening improvement.

Sandy Walsh (sandy-walsh) wrote :

Notifications are off by default, so there's no exposure. Usually it's only turned on for billing purposes and that would be internal use only. So I would classify it as low risk.

Davanum Srinivas (DIMS) (dims-v) wrote :

Newbie questions - How does one switch it on? where exactly does the auth token show up? (logs?)

Sandy Walsh (sandy-walsh) wrote :

@dims-v it shows up in the JSON payload of the event. You can enable it if you follow the "Configuring Nova to generate Notification" steps outlined in the README here: https://github.com/rackspace/stacktach

Michael Still (mikal)
Changed in nova:
status: New → Triaged
importance: Undecided → High
Thierry Carrez (ttx) wrote :

Converted to "welcome security strengthening improvement" status

tags: added: security
information type: Public Security → Public
Russell Bryant (russellb) wrote :

This is really an issue with the rpc code in oslo-incubator, so I'm going to move this bug.

affects: nova → oslo
Andrew Bogott (andrewbogott) wrote :

Pretty sure this is just backing up what Russell just said, but just to make sure:

It is useful for the auth token to be passed /to/ the notification code, because certain notifiers (specifically custom ones that use the plugin framework) may make appropriate use of it. The notification drivers themselves should strip out the auth before writing the notification to a log or putting it on the wire or whatever.
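
The split Andrew describes, as an added example that is not part of this bug thread or of oslo's code: the full context (token included) reaches the notifier, and the driver strips sensitive fields before serializing the event. `LogNotifier`, `SENSITIVE_KEYS` and the sample event are assumptions for illustration.

```python
import copy
import json

# Keys that must never leave the process inside a notification. "auth_token"
# is the field this bug is about; "password" is an assumed extra entry to
# show that a driver should keep an explicit deny-list rather than one name.
SENSITIVE_KEYS = frozenset({"auth_token", "password"})

def strip_sensitive(obj):
    """Return a deep copy of obj with sensitive keys removed at any depth.

    Recurses through nested dicts and lists so a token tucked inside
    payload["args"] is caught as well as one at the top of the context.
    """
    if isinstance(obj, dict):
        return {k: strip_sensitive(v) for k, v in obj.items()
                if k not in SENSITIVE_KEYS}
    if isinstance(obj, list):
        return [strip_sensitive(v) for v in obj]
    return obj

class LogNotifier:
    """Hypothetical stand-in for a notification driver.

    The context is passed in unmodified so plugin notifiers that legitimately
    need the token can still use it; this driver sanitizes just before the
    event is written to its sink (an in-memory list here, a log or queue
    in a real driver).
    """
    def __init__(self):
        self.emitted = []

    def notify(self, context, message):
        safe = copy.deepcopy(message)
        safe["_context"] = strip_sensitive(context)   # keep harmless fields
        safe["payload"] = strip_sensitive(message.get("payload", {}))
        line = json.dumps(safe, sort_keys=True)
        self.emitted.append(line)
        return line

# Constructed sample: a request context and a compute event as a caller
# might hand them to the notifier. The token value is a placeholder.
SAMPLE_CONTEXT = {"user_id": "u1", "project_id": "p1",
                  "auth_token": "SECRET-TOKEN-PLACEHOLDER"}
SAMPLE_EVENT = {"event_type": "compute.instance.create.end",
                "publisher_id": "compute.host1",
                "payload": {"instance_id": "i-1",
                            "args": {"auth_token": "SECRET-TOKEN-PLACEHOLDER"}}}

def demo():
    """Emit the sample event and return the serialized line that was written."""
    return LogNotifier().notify(SAMPLE_CONTEXT, SAMPLE_EVENT)
```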

Thierry Carrez (ttx) wrote :

Looks like we are unsure this should be solved.

Changed in oslo:
importance: High → Undecided
status: Triaged → Incomplete
affects: oslo-incubator → oslo.messaging
Launchpad Janitor (janitor) wrote :

[Expired for oslo.messaging because there has been no activity for 60 days.]

Changed in oslo.messaging:
status: Incomplete → Expired