get_admin_context inadvertently elevates thread
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
Samuel Matzek | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
Sahara |
Fix Released
|
Low
|
Unassigned |
Bug Description
Cinder's cinder.
This has security implications since any calls done after cinder.
This has serviceability implications because every call to get_admin_context will switch the thread's context, which changes the request ID. This makes it very difficult or impossible to use the request ID in log entries to follow a request through a flow.
The root cause is that cinder.
I looked at Nova and it does not have this problem.
I looked at Neutron and its get_admin_context flow does not have this problem but the neutron.context.py get_admin_
Those are the only other projects I checked.
I have not opened a bug against neutron or any other services since I am not sure on the procedures for security issues that hit multiple projects like this one.
Recreation code:
from cinder import context as cinder_context
from oslo_context import context
context.
print "Thread's context at start %s" % context.
admin_cxt = context.
print "Thread's context after oslo get_admin_context %s" % context.
admin_cxt = cinder_
print "Thread's context after cinder get_admin_context %s" % context.
Produces output:
Thread's context at start {'domain': None, 'project_domain': None, 'auth_token': None, 'resource_uuid': None, 'is_admin': False, 'user': None, 'tenant': None, 'read_only': False, 'show_deleted': False, 'user_identity': '- - - - -', 'request_id': 'req-9e09cfa9-
Thread's context after oslo get_admin_context {'domain': None, 'project_domain': None, 'auth_token': None, 'resource_uuid': None, 'is_admin': False, 'user': None, 'tenant': None, 'read_only': False, 'show_deleted': False, 'user_identity': '- - - - -', 'request_id': 'req-9e09cfa9-
Thread's context after cinder get_admin_context {'domain': None, 'project_name': None, 'project_domain': None, 'timestamp': '2015-10-
[1] https:/
tags: | added: liberty-backport-potential |
tags: | added: kilo-backport-potential |
Changed in ossa: | |
status: | Incomplete → Won't Fix |
description: | updated |
information type: | Private Security → Public |
Changed in cinder: | |
assignee: | nobody → Samuel Matzek (smatzek) |
status: | New → In Progress |
Changed in cinder: | |
status: | In Progress → Fix Committed |
Changed in sahara: | |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in sahara: | |
milestone: | none → mitaka-rc1 |
Changed in cinder: | |
status: | Fix Committed → Fix Released |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.