| 2011-09-20 22:05:42 |
Ray Hookway |
bug |
|
|
added bug |
| 2011-09-20 22:25:39 |
Vish Ishaya |
nova: milestone |
|
2011.3 |
|
| 2011-09-20 22:25:42 |
Vish Ishaya |
nova: importance |
Undecided |
High |
|
| 2011-09-20 22:25:45 |
Vish Ishaya |
nova: status |
New |
In Progress |
|
| 2011-09-20 22:26:05 |
Vish Ishaya |
nova: assignee |
|
Ray Hookway (rjh) |
|
| 2011-09-21 15:12:06 |
Ray Hookway |
description |
EC2 commands which manipulate fixed_ips do not check that the user is associated with the project to which the address belongs. For example, ReleaseAddress can be used by a user who is a netadmin in one project to release an address which has been allocated to a second project of which the user is not a member. (See EC2 comment in floating_ip_deallocate: # TODO devcamcar): How to encure floating id belongs to user) |
EC2 commands which manipulate fixed_ips do not check that the user is associated with the project to which the address belongs. For example, ReleaseAddress can be used by a user who is a netadmin in one project to release an address which has been allocated to a second project of which the user is not a member. (See EC2 comment in floating_ip_deallocate: # TODO (devcamcar): How to ensure floating id belongs to user) |
|
| 2011-09-21 15:20:38 |
Ray Hookway |
bug |
|
|
added subscriber Phil Day |
| 2011-09-21 15:45:48 |
Ray Hookway |
description |
EC2 commands which manipulate fixed_ips do not check that the user is associated with the project to which the address belongs. For example, ReleaseAddress can be used by a user who is a netadmin in one project to release an address which has been allocated to a second project of which the user is not a member. (See EC2 comment in floating_ip_deallocate: # TODO (devcamcar): How to ensure floating id belongs to user) |
EC2 commands which manipulate floating_ips do not check that the user is associated with the project to which the address belongs. For example, ReleaseAddress can be used by a user who is a netadmin in one project to release an address which has been allocated to a second project of which the user is not a member. (See EC2 comment in floating_ip_deallocate: # TODO (devcamcar): How to ensure floating id belongs to user) |
|
| 2011-09-21 15:47:26 |
Ray Hookway |
attachment added |
|
0001-Check-if-the-floating-ip-belongs-to-the-project-if-t.patch https://bugs.launchpad.net/nova/+bug/855115/+attachment/2436359/+files/0001-Check-if-the-floating-ip-belongs-to-the-project-if-t.patch |
|
| 2011-09-21 15:51:14 |
Ray Hookway |
summary |
Unauthorized user can release fixed_ips |
Unauthorized user can release floating_ips |
|
| 2011-09-21 16:49:21 |
Vish Ishaya |
bug |
|
|
added subscriber Chris Behrens |
| 2011-09-21 19:44:22 |
Launchpad Janitor |
branch linked |
|
lp:~cbehrens/nova/lp855115-from-1541 |
|
| 2011-09-21 20:09:39 |
Chris Behrens |
branch linked |
|
lp:~cbehrens/nova/milestone-proposed.lp855115 |
|
| 2011-09-21 20:09:52 |
Chris Behrens |
branch unlinked |
lp:~cbehrens/nova/lp855115-from-1541 |
|
|
| 2011-09-21 20:14:06 |
Chris Behrens |
branch linked |
|
lp:~cbehrens/nova/lp855115 |
|
| 2011-09-21 20:57:38 |
Thierry Carrez |
bug |
|
|
added subscriber Thierry Carrez |
| 2011-09-21 21:31:39 |
OpenStack Infra |
nova: status |
In Progress |
Fix Committed |
|
| 2011-09-21 21:36:00 |
Thierry Carrez |
visibility |
private |
public |
|
| 2011-09-22 12:51:35 |
Thierry Carrez |
nova: status |
Fix Committed |
Fix Released |
|
