[Openstack-security] [OSSG] DRAFT: Security Note: Keystone Resource Exhaustion without HTTP POST limiting

Kurt Seifried kseifried at redhat.com
Thu Apr 18 06:56:34 UTC 2013



On 04/18/2013 12:18 AM, Bryan D. Payne wrote:
> FWIW, I believe that one of the decision points here was that this 
> resource exhaustion attack is linear, rather than exponential.  So 
> it's not as bad as a traditional DoS attack.  I could see this one 
> going either way.  Happy to close the loop with VMT before
> publishing the note.  However, it may also be worth noting that
> this entire bug / OSN has been handled publicly.

Right, DoS is about more than just quadratic/exponential resource use.
Here the problem is that keystone crashes and dies, and you have some
serious problems until you get it restarted. With network access an
attacker can easily kill keystone repeatedly and make your life not fun.

> 
> Cheers, -bryan


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
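The mitigation the subject line refers to, limiting the size of an HTTP POST body before the service buffers and parses it, is shown below as an added example; this is not Keystone's own middleware, and `MAX_BODY_BYTES`, `echo_length_app` and `run_request` are constructed for illustration. It caps both the declared Content-Length and the actual stream, since a client can lie about the former.

```python
import io
import sys

MAX_BODY_BYTES = 112 * 1024  # assumed cap for this example, not Keystone's own setting

class BodyTooLarge(Exception): """Raised when the app reads past the body cap."""

class LimitedStream:
    """Wrap wsgi.input so reads past max_bytes fail instead of growing memory."""
    def __init__(self, stream, max_bytes):
        self.stream, self.max_bytes, self.consumed = stream, max_bytes, 0
    def read(self, size=-1):
        # Ask for at most one byte past the cap: detect oversize without reading it all.
        room = self.max_bytes - self.consumed + 1
        data = self.stream.read(room if size is None or size < 0 else min(size, room))
        self.consumed += len(data)
        if self.consumed > self.max_bytes:
            raise BodyTooLarge()
        return data

class RequestSizeLimiter:
    """WSGI middleware: reject oversized bodies before the wrapped app parses them."""
    def __init__(self, app, max_bytes=MAX_BODY_BYTES):
        self.app, self.max_bytes = app, max_bytes
    def __call__(self, environ, start_response):
        hdrs = [("Content-Type", "text/plain")]
        raw = environ.get("CONTENT_LENGTH") or "0"
        if not raw.isdigit() or int(raw) > self.max_bytes:  # invalid or declared too big
            start_response("413 Request Entity Too Large", hdrs)
            return [b"request body too large\n"]
        # The header can lie (or be absent with chunked encoding), so cap the stream too.
        environ["wsgi.input"] = LimitedStream(environ["wsgi.input"], self.max_bytes)
        try:
            return self.app(environ, start_response)
        except BodyTooLarge:
            start_response("413 Request Entity Too Large", hdrs, sys.exc_info())
            return [b"request body exceeds limit\n"]

def echo_length_app(environ, start_response):
    """Constructed stand-in for a handler that buffers the whole POST body."""
    body = environ["wsgi.input"].read()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"read %d bytes\n" % len(body)]

def run_request(app, body, declared_length=None):
    """Drive `app` with a constructed POST; returns (status line, response body)."""
    seen, length = {}, len(body) if declared_length is None else declared_length
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(length), "wsgi.input": io.BytesIO(body)}
    out = b"".join(app(environ, lambda status, headers, exc_info=None: seen.update(status=status)))
    return seen["status"], out
```

Wrapping the unprotected app as `RequestSizeLimiter(echo_length_app, max_bytes=1024)` turns a 5000-byte body into a 413 whether the client declares it honestly or claims it is 100 bytes, while the bare app happily buffers it.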