Comment 33 for bug 1324592

Dolph Mathews (dolph) wrote : Re: Trust scope can be circumvented by chaining trusts

@Tristan:

1. User A trusts User B to impersonate them within the scope of Project X (using User A's roles AND identity).

2a. User B abuses the identity impersonation against keystone to delegate User A's authorization (either to User B, or to a third party) in Project Y, a secondary scope in which User A never intended to delegate authorization.

2b. Alternatively, User B abuses the identity impersonation against keystone to delegate *additional* authorization (either to User B, or to a third party) held by User A in Project X, including roles which User A never intended to delegate.

Also note that you should be able to avoid exposure by completely disabling support for trusts, by setting the following in keystone.conf:

  [trust]
  enabled = false

Trust support is enabled by default since Grizzly.
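An added check, not part of this bug thread, that audits a keystone.conf for the `[trust]` `enabled` setting described above; because trust support is on by default since Grizzly, an absent `[trust]` section or absent `enabled` key is reported as enabled. The sample config fragments are constructed for illustration.

```python
import configparser

# Constructed keystone.conf fragments (not taken from the bug report).
WEAK_CONF = """
[DEFAULT]
debug = False

[token]
provider = uuid
"""

HARDENED_CONF = """
[DEFAULT]
debug = False

[trust]
enabled = false
"""


def trusts_enabled(conf_text: str) -> bool:
    """Return True if this keystone.conf leaves trust support turned on.

    Keystone enables trusts by default (since Grizzly), so a missing
    [trust] section or a missing 'enabled' key counts as enabled.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    # fallback=True models keystone's default-on behaviour when the
    # section or option is absent; getboolean accepts true/false/yes/no/on/off/1/0.
    return parser.getboolean("trust", "enabled", fallback=True)


def audit(conf_text: str) -> str:
    """One-line finding for a config, suitable for a hardening report."""
    if trusts_enabled(conf_text):
        return "trusts ENABLED: trust chaining (bug 1324592) reachable unless keystone is patched"
    return "trusts disabled: trust chaining not reachable"


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit(text)}")
```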