[Openstack-security] [openstack/keystone] SecurityImpact review request change Ie1a0c286ff7e513cd964d4a93855230c78b98c6c

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Fri Aug 1 17:31:21 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/109120

Log:
commit 23b2c8476051eacf3c4f08fbe32667886c7aa234
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Wed Jul 23 12:06:22 2014 -0700

    Trust unit tests should target additional threat scenarios
    
    This adds unit tests for two threat scenarios around the trust functionality
    that are not currently tested.
    
    The first scenario is related to deletion of a grant that has been previously
    delegated via a trust. We need to ensure that executing a trust for a role that
    the trustor no longer has is rejected.
    
    The second scenario is related to an attempt to use a trust token with
    impersonation to execute another trust as the impersonated user. We need to
    ensure that a trust token can't be used to execute another trust.
    
    SecurityImpact
    Closes-Bug: #1347909
    Change-Id: Ie1a0c286ff7e513cd964d4a93855230c78b98c6c
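The two scenarios in the commit message above, as an added example that is not part of the original post and is not Keystone code. It is a toy in-memory model; every class, field and user name in it is hypothetical.

```python
# Toy in-memory model of trust execution (not Keystone code).
# All class, field and user names are hypothetical.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a trust cannot be executed."""


@dataclass(frozen=True)
class Trust:
    trust_id: str
    trustor: str
    trustee: str
    project: str
    roles: frozenset
    impersonation: bool = False


@dataclass(frozen=True)
class Token:
    user: str                      # effective user (the trustor when impersonating)
    project: str = None
    roles: frozenset = frozenset()
    trust_id: str = None           # set only on trust-scoped tokens


@dataclass
class Identity:
    grants: dict = field(default_factory=dict)   # (user, project) -> set of roles
    trusts: dict = field(default_factory=dict)   # trust_id -> Trust

    def execute_trust(self, token, trust_id):
        trust = self.trusts[trust_id]
        # Scenario 2: a trust-scoped token must never redeem another trust,
        # even when impersonation makes its user match the next trustee.
        if token.trust_id is not None:
            raise Forbidden("trust tokens cannot execute trusts")
        if token.user != trust.trustee:
            raise Forbidden("caller is not the trustee")
        # Scenario 1: re-check the trustor's current grants at execution time;
        # a role revoked after delegation must invalidate the trust.
        current = self.grants.get((trust.trustor, trust.project), set())
        if not trust.roles <= current:
            raise Forbidden("trustor no longer holds a delegated role")
        user = trust.trustor if trust.impersonation else trust.trustee
        return Token(user, trust.project, trust.roles, trust.trust_id)
```

Both checks run at execution time, so a trust created while the grant existed still fails once the grant is deleted.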




