
[Openstack-security] [Bug 1711117] Re: paste_deploy flavor in sample configuration file shows misleading default


Apologies, we seem to have overlooked opening this.

** Information type changed from Private Security to Public

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Description changed:

- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an official OpenStack
- Security Advisory. This includes discussion of the bug or associated
- fixes in public forums such as mailing lists, code review systems and
- bug trackers. Please also avoid private disclosure to other individuals
- not already approved for access to this information, and provide this
- same reminder to those who are made aware of the issue prior to
- publication. All discussion should remain confined to this private bug
- report, and any proposed fixes should be added to the bug as
- attachments.
- 
- --
- 
  The "flavor" option of the "[paste_deploy]" section defaults to "None",
  but the sample configuration and documentation [1] suggest that it is
  "keystone". This can lead to insecure deployments without
  authentication. The "glance-api.conf" file shows the following:
  
      #
      # Deployment flavor to use in the server application pipeline.
      #
      # Provide a string value representing the appropriate deployment
      # flavor used in the server application pipleline. This is typically
      # the partial name of a pipeline in the paste configuration file with
      # the service name removed.
      #
      # For example, if your paste section name in the paste configuration
      # file is [pipeline:glance-api-keystone], set ``flavor`` to
      # ``keystone``.
      #
      # Possible values:
      #     * String value representing a partial pipeline name.
      #
      # Related Options:
      #     * config_file
      #
      #  (string value)
      #flavor = keystone
  
  This is misleading and can lead operators to think that the default
  flavor being used is "keystone", but this is not the case:
  
      DEBUG glance.common.config [-] paste_deploy.flavor            = None log_opt_values /usr/lib/python2.7/dist-packages/oslo_config/cfg.py:2626
  
  Previously, in Mitaka, the flavor was defined something like this:
  
      # Partial name of a pipeline in your paste configuration file with the
      # service name removed. For example, if your paste section name is
      # [pipeline:glance-api-keystone] use the value "keystone" (string
      # value)
      #flavor = <None>
  
  Therefore, somebody upgrading from a previous version would think that
  the default is now set to "keystone" instead of "None". In such cases
  the operator could remove the "flavor=keystone" definition, assuming
  that the default value is correct.
  
  Moreover, the configuration reference states that the default is
  "keystone" [1], but this is not the case, as the option does not set a
  default value, but a sample default [2].
  
  [1] https://docs.openstack.org/glance/latest/configuration/glance_api.html#paste_deploy
  [2] https://github.com/openstack/glance/blob/c4b0fbe632f759b00a1c326c17a05f134e93553d/glance/common/config.py#L33
  
  Take into account that if the flavor for paste is not set, this will
  lead to a deployment without authentication.
  
  If the sample default is different from the actual default, this should
  be stated clearly in the comment for that option.

** Tags added: security

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1711117

Title:
  paste_deploy flavor in sample configuration file shows misleading
  default

Status in Glance:
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The "flavor" option of the "[paste_deploy]" section defaults to
  "None", but the sample configuration and documentation [1] suggest
  that it is "keystone". This can lead to insecure deployments without
  authentication. The "glance-api.conf" file shows the following:

      #
      # Deployment flavor to use in the server application pipeline.
      #
      # Provide a string value representing the appropriate deployment
      # flavor used in the server application pipleline. This is typically
      # the partial name of a pipeline in the paste configuration file with
      # the service name removed.
      #
      # For example, if your paste section name in the paste configuration
      # file is [pipeline:glance-api-keystone], set ``flavor`` to
      # ``keystone``.
      #
      # Possible values:
      #     * String value representing a partial pipeline name.
      #
      # Related Options:
      #     * config_file
      #
      #  (string value)
      #flavor = keystone

  This is misleading and can lead operators to think that the default
  flavor being used is "keystone", but this is not the case:

      DEBUG glance.common.config [-] paste_deploy.flavor            = None log_opt_values /usr/lib/python2.7/dist-packages/oslo_config/cfg.py:2626

  Previously, in Mitaka, the flavor was defined something like this:

      # Partial name of a pipeline in your paste configuration file with the
      # service name removed. For example, if your paste section name is
      # [pipeline:glance-api-keystone] use the value "keystone" (string
      # value)
      #flavor = <None>

  Therefore, somebody upgrading from a previous version would think that
  the default is now set to "keystone" instead of "None". In such cases
  the operator could remove the "flavor=keystone" definition, assuming
  that the default value is correct.

  Moreover, the configuration reference states that the default is
  "keystone" [1], but this is not the case, as the option does not set a
  default value, but a sample default [2].

  [1] https://docs.openstack.org/glance/latest/configuration/glance_api.html#paste_deploy
  [2] https://github.com/openstack/glance/blob/c4b0fbe632f759b00a1c326c17a05f134e93553d/glance/common/config.py#L33

  Take into account that if the flavor for paste is not set, this will
  lead to a deployment without authentication.

  If the sample default is different from the actual default, this
  should be stated clearly in the comment for that option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1711117/+subscriptions
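The report's point is that a commented `#flavor = keystone` line in glance-api.conf is only a sample default and contributes no value, so the service runs with `paste_deploy.flavor = None` and, per the report, a pipeline without authentication. The following audit script is an added example (not Glance's or Launchpad's code) that shows the distinction with the standard-library config parser and gives an operator a check to run against a deployed configuration. The two configuration texts are constructed for the example; the `expected` flavor name "keystone" and the severity labels are assumptions of the example.

```python
import configparser
import io
import re

# Constructed glance-api.conf fragment matching the situation in the report:
# the "flavor" line exists only as a commented sample default, so the option
# is not actually set. (Constructed input, not a file from a real deployment.)
SAMPLE_UNSET = """\
[DEFAULT]
debug = true

[paste_deploy]
# Deployment flavor to use in the server application pipeline.
#  (string value)
#flavor = keystone
config_file = /etc/glance/glance-api-paste.ini
"""

# Constructed fragment with the flavor set explicitly, as an operator
# upgrading from Mitaka would have had it before removing the line.
SAMPLE_SET = """\
[paste_deploy]
flavor = keystone
config_file = /etc/glance/glance-api-paste.ini
"""

# Matches a commented-out flavor assignment such as "#flavor = keystone".
_COMMENTED_FLAVOR = re.compile(r"^\s*#\s*flavor\s*=\s*(\S+)", re.MULTILINE)


def paste_flavor(conf_text):
    """Return the effective [paste_deploy] flavor, or None when unset.

    Mirrors what the service sees: configparser ignores comment lines, so
    "#flavor = keystone" yields no value, exactly as the DEBUG log line in
    the report shows (paste_deploy.flavor = None).
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_file(io.StringIO(conf_text))
    value = parser.get("paste_deploy", "flavor", fallback=None)
    if value is None or value.strip() == "":
        return None
    return value.strip()


def commented_sample_flavor(conf_text):
    """Return the flavor named in a commented sample line, or None.

    Used only to explain a finding: a commented line is documentation of
    the sample default, not configuration.
    """
    match = _COMMENTED_FLAVOR.search(conf_text)
    return match.group(1) if match else None


def audit_paste_flavor(conf_text, expected="keystone"):
    """Return a (severity, message) finding for the flavor option.

    Severity labels are the example's own convention. An unset flavor is
    rated HIGH because, as the report states, it leads to a deployment
    without authentication.
    """
    flavor = paste_flavor(conf_text)
    if flavor is None:
        msg = "[paste_deploy] flavor is unset: API runs without authentication"
        sample = commented_sample_flavor(conf_text)
        if sample:
            msg += " (the commented '#flavor = %s' line is a sample, not a value)" % sample
        return ("HIGH", msg)
    if flavor != expected:
        return ("MEDIUM", "[paste_deploy] flavor is %r, expected %r" % (flavor, expected))
    return ("OK", "[paste_deploy] flavor = %s" % flavor)


if __name__ == "__main__":
    for name, text in (("commented sample only", SAMPLE_UNSET), ("explicit", SAMPLE_SET)):
        severity, message = audit_paste_flavor(text)
        print("%-22s %-6s %s" % (name, severity, message))
```

To use it against a real deployment, read `/etc/glance/glance-api.conf` into a string and pass it to `audit_paste_flavor`; the check is intentionally independent of oslo.config so it can run on a host without the Glance packages installed.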