Reviewed: https://review.openstack.org/127540 Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=c0d90a580f87dbbf71e3a5d5c1b5cf8d7c7245b2 Submitter: Jenkins Branch: proposed/juno
commit c0d90a580f87dbbf71e3a5d5c1b5cf8d7c7245b2 Author: Stuart McLaren <stuart.mcla...@hp.com> Date: Wed Jul 16 13:33:32 2014 +0000 Prevent setting swift+config locations Forbid setting 'swift+config' locations in a similar manner to 'file' for security reasons; knowledge of the reference name should not be exploitable. Setting swift+config had been prevented when swift was the default store, this patch changes to forbid setting no matter which store is the default. As with change id I75af34145521f533dcd6f5fd7690f5a68f3b44b3 this is v1 only for now. Change-Id: I62c4980bd5c2f3dd77fc40cd007bc1067eca63a4 Closes-bug: 1334196 ** Changed in: glance Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1334196 Title: User may be able to set 'system' style swift location Status in OpenStack Image Registry and Delivery Service (Glance): Fix Released Bug description: This change: https://review.openstack.org/#/c/98722/ Introduces a new system style swift scheme: swift+config A new function "validate_location" verifies that that scheme is not being set by a user when using the 'set location' functionality. However, that function will only perform that check if the default backend is swift. If the swift store is enabled but the default store is 'ceph' say then the base version of that function (which performs no checking) will be called. I think 'validate_location' should probably be removed and a check against 'swift+config' should be performed in _validate_source, in the same way as 'file' is checked there. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1334196/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp