[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1669610
Title:
Insecure defaults for `openstack security group rule create`
Status in neutron:
Expired
Status in python-openstackclient:
Incomplete
Bug description:
It's really easy to open up access to anyone by mistake. If you supply
no options when creating a new rule, it defaults to allowing access to
all ports to any remote host.
I'm not sure what the right fix is, but I would expect that sort of
permissive access to be a bit harder to create.
# allow anyone to access any tcp port - so simple!
$ openstack security group rule create default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | None |
| description | None |
| direction | ingress |
| ether_type | IPv4 |
| id | 7d481fad-9b57-4e71-9d63-fbba895e1a6c |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | c6f313e10752449ea9b70acfba353c80 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | a5fbd65f-e4da-47d3-90cb-8dfc81eccd66 |
| updated_at | None |
+-------------------+--------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1669610/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
