[db] default value for project_only allows non-secure access

Bug #1866951 reported by Goutham Pacha Ravi
This bug affects 2 people
Affects: OpenStack Shared File Systems Service (Manila)
Status: Triaged
Importance: Low
Assigned to: Goutham Pacha Ravi

Bug Description

In a multi-tenant environment, it is critical to have rule-based access control tightened around project resources. While fixing two security bugs around loose RBAC [1][2], it was suggested that a fix be made to the base "model_query" to tighten the default value for "project_only" [3]. Setting project_only to "True" by default might prevent further transgressions as resources and APIs continue to be built.

[1] https://bugs.launchpad.net/bugs/1861485
[2] https://bugs.launchpad.net/manila/+bug/1654598
[3] https://opendev.org/openstack/manila/src/commit/947315f0903c823b0fdd9d99c60078814587272c/manila/db/sqlalchemy/api.py#L226-L246
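
Added illustration, not code from Manila or from the bug report: a simplified sketch of how the default decides what a call site that omits the flag can read, using an in-memory SQLite table with constructed rows. Only the names model_query and project_only come from the report; the Context class, the admin bypass and the table are assumptions.

```python
import sqlite3
from dataclasses import dataclass

# Simplified model, not Manila's code. Only the names model_query and
# project_only come from the bug report; everything else is assumed.
TABLES = {"shares"}  # allow-list, since the table name is interpolated

@dataclass
class Context:
    project_id: str
    is_admin: bool = False  # assumption: admins may query across projects

def make_db():
    """In-memory database with constructed rows for two projects."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shares (id TEXT, project_id TEXT)")
    db.executemany("INSERT INTO shares VALUES (?, ?)",
                   [("s1", "proj-a"), ("s2", "proj-a"), ("s3", "proj-b")])
    return db

def _query(db, context, table, project_only):
    if table not in TABLES:
        raise ValueError(f"unknown table: {table}")
    sql, params = f"SELECT id FROM {table}", []
    if project_only and not context.is_admin:
        sql += " WHERE project_id = ?"
        params.append(context.project_id)
    return sorted(row[0] for row in db.execute(sql, params))

def model_query_fail_open(db, context, table, project_only=False):
    """Scoping is opt-in: a call site that omits the flag sees every project."""
    return _query(db, context, table, project_only)

def model_query_fail_closed(db, context, table, project_only=True):
    """Scoping is the default: cross-project reads need an explicit opt-out."""
    return _query(db, context, table, project_only)

if __name__ == "__main__":
    db, user = make_db(), Context("proj-a")
    # The same call site, with the flag forgotten, under each default.
    print("fail-open  :", model_query_fail_open(db, user, "shares"))
    print("fail-closed:", model_query_fail_closed(db, user, "shares"))
    # A deliberate cross-project read is now visible at the call site.
    print("opt-out    :", model_query_fail_closed(db, user, "shares",
                                                  project_only=False))
```

With the fail-closed default, any remaining cross-project query carries an explicit project_only=False, which gives reviewers a single string to search for when auditing call sites.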

Changed in manila:
assignee: nobody → Goutham Pacha Ravi (gouthamr)
Vida Haririan (vhariria)
Changed in manila:
importance: Medium → Low
Vida Haririan (vhariria)
Changed in manila:
status: New → Triaged