Comment 15 for bug 1282865

Dolph Mathews (dolph) wrote : Re: Keystone middleware may confuse contexts

Suggested revisions to impact description:

"Note that it is related to a bad interaction between auth_token and eventlet that is fixed if the process used eventlet thread monkey patching." -> "Note that it is related to a bad interaction between eventlet and python-memcached that is fixed if the process uses eventlet to monkey patch 'thread'."

- it's really an issue between python-memcached and eventlet; auth_token just happens to optionally consume python-memcached while being (typically) served by eventlet (**this may affect any other service using memcached + eventlet**)
- thread is worth putting in quotes IMO, because it actually results in 3 modules being patched (thread, threading and Queue) [1]

"inherit another authenticated user's role resulting in a privilege escalation" -> "assume another authenticated user's complete identity and multi-tenant authorization, potentially resulting in a privilege escalation"

- "role" is a little too narrow if I'm being pedantic -- it's not just role confusion, or authorization confusion, but completely picking up another user's authentication + authorization
- "inherit" seems to imply that it's added on to the existing (valid) authn + authz, when in fact it just replaces it
- "resulting in privilege escalation" is just a potential / likelihood, but it's not a guaranteed outcome, I suppose

[1] http://eventlet.net/doc/patching.html#monkeypatching-the-standard-library
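
An added illustration, not part of the comment above and not code from Keystone, python-memcached or eventlet: a standard-library model of why state kept in `threading.local` is shared by cooperative tasks running in one OS thread, and why per-task storage (what patching 'thread' provides) keeps replies apart. It assumes the cache client keeps its connection in thread-local storage; `Conn`, `TaskLocal`, `validate` and `serve` are hypothetical names, and the cache contents and wake order are constructed.

```python
import threading
from collections import deque

STORE = {"token-alice": "alice", "token-bob": "bob"}  # constructed cache contents
current = None  # task the toy scheduler is running (stands in for a greenthread)

class Conn:
    """Stand-in for one memcached socket: replies are read in request order."""
    def __init__(self):
        self.replies = deque()
    def send_get(self, key):
        self.replies.append(STORE[key])
    def recv(self):
        return self.replies.popleft()

class TaskLocal:
    """Model of threading.local once 'thread' is patched: one slot per task."""
    def __init__(self):
        self.__dict__["slots"] = {}
    def __getattr__(self, name):
        try:
            return self.slots[current][name]
        except KeyError:
            raise AttributeError(name) from None
    def __setattr__(self, name, value):
        self.slots.setdefault(current, {})[name] = value

def validate(local, token):
    """One request: look the token up, yielding where the socket read would block."""
    if not hasattr(local, "conn"):
        local.conn = Conn()
    local.conn.send_get(token)
    yield
    return local.conn.recv()

def serve(local, tokens, wake_order):
    """Start every request, then resume them in wake_order; return token -> identity."""
    global current
    tasks, seen = {}, {}
    for token in tokens:
        current = token
        tasks[token] = validate(local, token)
        next(tasks[token])
    for token in wake_order:
        current = token
        try:
            next(tasks[token])
        except StopIteration as done:
            seen[token] = done.value
    return seen
```

Calling `serve(threading.local(), ...)` with a wake order that differs from the request order returns each token mapped to the other user's identity, while `serve(TaskLocal(), ...)` returns the correct mapping for any wake order.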