[Openstack-security] [Bug 1499555] Re: You can crash keystone or make the DB very slow by assigning many roles

David Stanek dstanek at dstanek.com
Fri Oct 16 17:46:43 UTC 2015


Does this make all of Keystone slow or just creating the token for
the user with that many roles? Also, you can't just do this to an
arbitrary cloud unless they relax the default policy of who can create
roles.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1499555

Title:
  You can crash keystone or make the DB very slow by assigning many
  roles

Status in Keystone:
  Triaged

Bug description:
  This is applicable for UUID and PKI tokens.

  The token table has an extra column where we store role information. It is a
  BLOB with a 64K limit. Basically we can do the following to fill the
  BLOB:

     Say user is U, and Project is P
     for i = 1 to 1000 (or any large number)
         role x = create role i with some large name
         assign role x for user U and Project P
         create a project scoped token for user U

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1499555/+subscriptions
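To make the overflow in the bug description concrete, here is an added Python sketch (not from the bug report or from Keystone itself) that replays the role-assignment loop against an assumed JSON encoding of the token's role column and an assumed 65535-byte BLOB limit, plus a defensive check that flags a user/project whose role set is close to that limit before token creation starts failing. The blob layout, the role id format and the exact limit are assumptions, not Keystone's real encoding.

```python
import json

# Assumption (the report only says "64K"): a MySQL BLOB holds at most 65535 bytes.
BLOB_LIMIT = 64 * 1024 - 1


def role_entry(i, name_len):
    """One role record as the token column might store it.
    Stand-in layout (assumed): a dict with an id and a padded name."""
    return {"id": f"role-{i:04d}", "name": "r" * name_len}


def role_blob_size(roles):
    """Bytes needed to store the role list as compact JSON (assumed encoding)."""
    return len(json.dumps(roles, separators=(",", ":")).encode("utf-8"))


def roles_until_overflow(name_len, max_roles=1000):
    """Replay the loop from the bug description: add roles one at a time and
    return the count at which the serialised role list first exceeds the
    BLOB limit, or None if max_roles roles still fit."""
    roles = []
    for i in range(1, max_roles + 1):
        roles.append(role_entry(i, name_len))
        if role_blob_size(roles) > BLOB_LIMIT:
            return i
    return None


def assignment_check(user_roles, warn_ratio=0.8):
    """Defensive check for operators: report how close a user/project's role
    set is to the limit so the condition is caught by monitoring, not by a
    failed token request."""
    size = role_blob_size(user_roles)
    return {
        "bytes": size,
        "limit": BLOB_LIMIT,
        "warn": size > warn_ratio * BLOB_LIMIT,
        "over": size > BLOB_LIMIT,
    }


if __name__ == "__main__":
    # With 255-character role names the assumed encoding overflows well
    # before the 1000 iterations the report uses.
    print("overflow at role #", roles_until_overflow(255))
    print(assignment_check([role_entry(i, 255) for i in range(1, 231)]))
```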

More information about the Openstack-security mailing list