[Openstack-security] [Bug 1499555] Re: You can crash keystone or make the DB very slow by assigning many roles
Jeremy Stanley
fungi at yuggoth.org
Fri Oct 16 18:03:37 UTC 2015
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1499555
Title:
You can crash keystone or make the DB very slow by assigning many
roles
Status in Keystone:
Triaged
Status in OpenStack Security Advisory:
Incomplete
Bug description:
This is applicable for UUID and PKI tokens.
Token table has extra column where we store role information. It is a
blob with 64K limit. Basically we can do the following to fill the
BLOB
Say user is U, and Project is P
for i =1 to 1000 ( or any large number)
role x = create role i with some large name
assign role x for user U and Project P
create a project scoped token for user U
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1499555/+subscriptions
More information about the Openstack-security
mailing list