[Openstack-security] Fwd: [Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Kurt Seifried kseifried at redhat.com
Thu Dec 26 20:38:44 UTC 2013



On 12/26/2013 11:31 AM, Sriram Subramanian wrote:
> Thierry, Thiago hasn't responded yet on the admin/ non-admin user
> part. Looks like that is the issue. I have pinged him to file a bug
> with more details, so that it will be acted upon.
> 
> Thanks, -Sriram
> 

Is this something that needs to be better documented perhaps, or have
a warning label? E.g. Python pickle():

http://docs.python.org/2/library/pickle.html

"Warning The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source."

Perhaps something like "Warning the admin user is intended to blahblah
don't hand it out to tenants/etc."



-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993