Hi All, Would someone help me understand some potentially dangerous interactions between allowed_address_pairs and security groups? My cloud is Icehouse at the moment, but the behaviour seems unchanged in master. [1]
Suppose a User wants to build an instance that acts as a router. User creates an instance named ROUTER with an interface that has an allowed_address_pair of 0.0.0.0/0. (to bypass the anti-spoofing security group feature) By default, ROUTER is in the 'default' security group. User also creates an instance named WEB. By default, WEB is in the 'default' security group. The 'default' security group allows inbound traffic from other hosts(and associated allowed_address_pairs) in the 'default' security group. Now, WEB receives all traffic from 0.0.0.0/0 because User didn't realize that allowed_address_pairs associated with ROUTER would effectively change all associated security groups to be fully permissive. Have I missed something? This seems like exceedingly dangerous behaviour. I've already seen two instances of this from my users. [1] https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_rpc_base.py#L287 Cheers, James -- James Dempsey Senior Cloud Engineer Catalyst IT Limited +64 4 803 2264 -- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
