[Openstack-security] [openstack/keystone] SecurityImpact review request change Ie1a0c286ff7e513cd964d4a93855230c78b98c6c

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Jul 24 21:46:41 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/109120

Log:
commit 391f794fdd5470c066e2d29a9b4a5e0c69f4e907
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Wed Jul 23 12:06:22 2014 -0700

    Trust unit tests should target additional threat scenarios
    
    This adds unit tests for two threat scenarios around the trust functionality
    that are not currently tested.
    
    The first scenario is related to deletion of a grant that has been previously
    delegated via a trust. We need to ensure that executing a trust for a role that
    the trustor no longer has is rejected.
    
    The second scenario is related to an attempt to use a trust token with
    impersonation to execute another trust as the impersonated user. We need to
    ensure that a trust token can't be used to execute another trust.
    
    SecurityImpact
    Closes-Bug: #1347909
    Change-Id: Ie1a0c286ff7e513cd964d4a93855230c78b98c6c
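
The two scenarios in the commit message above, as an added example that is not part of the patch and is not Keystone code: a simplified in-memory model showing the checks the tests are meant to exercise. All names here (Identity, Trust, Token, Forbidden, execute_trust, demo) and the sample users are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


class Forbidden(Exception):
    """Trust execution refused."""


@dataclass(frozen=True)
class Trust:
    trustor: str
    trustee: str
    project: str
    roles: frozenset
    impersonation: bool = False


@dataclass(frozen=True)
class Token:
    user: str                       # user the token acts as
    roles: frozenset = frozenset()
    trust_id: Optional[str] = None  # set only on tokens issued from a trust


@dataclass
class Identity:
    grants: dict = field(default_factory=dict)  # (user, project) -> set of roles
    trusts: dict = field(default_factory=dict)  # trust_id -> Trust

    def execute_trust(self, token: Token, trust_id: str) -> Token:
        trust = self.trusts[trust_id]
        # Scenario 2: with impersonation the token's user is the trustor, so a
        # user comparison alone would let it redeem trusts made out to the trustor.
        if token.trust_id is not None:
            raise Forbidden("a trust token cannot execute another trust")
        if token.user != trust.trustee:
            raise Forbidden("caller is not the trustee")
        # Scenario 1: re-check delegated roles against the trustor's current grants.
        held = self.grants.get((trust.trustor, trust.project), set())
        if not trust.roles <= held:
            raise Forbidden("trustor no longer holds a delegated role")
        acting_as = trust.trustor if trust.impersonation else trust.trustee
        return Token(acting_as, trust.roles, trust_id)


def demo() -> Identity:
    """Constructed data: alice delegates to bob (impersonation), carol to alice."""
    idm = Identity()
    idm.grants[("alice", "proj")] = {"member"}
    idm.grants[("carol", "proj")] = {"admin"}
    idm.trusts["t1"] = Trust("alice", "bob", "proj", frozenset({"member"}), True)
    idm.trusts["t2"] = Trust("carol", "alice", "proj", frozenset({"admin"}))
    return idm
```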
