[Openstack-security] [Bug 1499555] Re: You can crash keystone or make the DB very slow by assigning many roles
Tristan Cacqueray
tdecacqu at redhat.com
Tue Nov 17 18:07:38 UTC 2015
Then according to VMT taxonomy ( https://security.openstack.org/vmt-
process.html#incident-report-taxonomy ), this sounds more like a class
D.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1499555
Title:
You can crash keystone or make the DB very slow by assigning many
roles
Status in OpenStack Identity (keystone):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
This is applicable for UUID and PKI tokens.
Token table has extra column where we store role information. It is a
blob with 64K limit. Basically we can do the following to fill the
BLOB
Say user is U, and Project is P
for i =1 to 1000 ( or any large number)
role x = create role i with some large name
assign role x for user U and Project P
create a project scoped token for user U
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1499555/+subscriptions
More information about the Openstack-security
mailing list