[Yahoo-eng-team] [Bug 1386932] Re: context.elevated: copy.copy causes admin role leak

Thierry Carrez Thu, 18 Dec 2014 02:42:28 -0800

** Changed in: cinder
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1386932


Title:
  context.elevated: copy.copy causes admin role leak

Status in Cinder:
  Fix Released
Status in Manila:
  Fix Committed
Status in OpenStack Neutron (virtual network service):
  Fix Committed
Status in neutron juno series:
  Fix Released
Status in OpenStack Compute (Nova):
  Fix Committed
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  In neutron/context.py,

  ```
          context = copy.copy(self)
          context.is_admin = True

          if 'admin' not in [x.lower() for x in context.roles]:
              context.roles.append('admin')
  ```

  copy.copy should be replaced by copy.deepcopy such that the list
  reference is not shared between objects. From my cursory search on
  github this also affects cinder, gantt, nova, neutron, and manila.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1386932/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1386932] Re: context.elevated: copy.copy causes admin role leak

Reply via email to