[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
** Changed in: nova Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): Incomplete Status in OpenStack Compute (Nova): Fix Released Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
** Changed in: nova Status: Fix Released => Confirmed -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): Incomplete Status in OpenStack Compute (Nova): Confirmed Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
** Also affects: ossa Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): New Status in OpenStack Security Advisories: New Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
Adding nova team since it may also affect nova-vncproxy. My first take on this is that we generate a vncproxy token, so it's totally usable outside of the Horizon session. If the token is relatively short-lived, I see no security issue in that behavior ? ** Also affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): New Status in OpenStack Compute (Nova): New Status in OpenStack Security Advisories: Incomplete Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
>From a Nova perspective this is not a security issue. When console access is requested a token is returned as Thierry mentioned and as long as a valid token is used to access the console it doesn't matter if a user is logged into Horizon, or if they've reopened the tab. Essentially authorization is wrapped up in the token returned by Nova, not Horizon. There could be a feature request to provide token revocation which Horizon could use on logout though. ** Changed in: nova Status: New => Invalid ** Changed in: nova Importance: Undecided => Wishlist ** Changed in: nova Status: Invalid => Confirmed -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): Incomplete Status in OpenStack Compute (Nova): Confirmed Status in OpenStack Security Advisories: Incomplete Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
** Information type changed from Public Security to Public ** Tags added: security ** No longer affects: ossa -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Dashboard (Horizon): Incomplete Status in OpenStack Compute (Nova): Confirmed Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
** No longer affects: horizon -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Compute (nova): Confirmed Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1319640] Re: Console to instance persists even after logging out of Horizon
This wishlist bug has been open a year without any activity. I'm going to move it to "Opinion / Wishlist", which is an easily-obtainable queue of older requests that have come on. In case you want to work on that, consider writing a blueprints [1] and spec [2]. I'll recommend to read [3] if not yet done. The effort to implement the requested feature is then driven only by the blueprint (and spec). References: [1] https://blueprints.launchpad.net/nova/ [2] https://github.com/openstack/nova-specs [3] https://wiki.openstack.org/wiki/Blueprints ** Changed in: nova Status: Confirmed => Opinion -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1319640 Title: Console to instance persists even after logging out of Horizon Status in OpenStack Compute (nova): Opinion Bug description: Steps to Recreate the bug 1. Log in through Horizon dashboard 2. Create an instance and wait till it is running 3. Console the VM from drop down menu for the instance 4. Open Console on new window. 5. Now log out of the dashboard 6. Scenario 1 : Now you can see that Instance console session still persists 7. Copy the URL of console window. 8. Close the Console window 9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console. 10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console I assume it must have been like, Session for the console must exit once the console is closed. Must not allow multiple sessions (Refering to Scenario 3) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1319640/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp