[openstack-dev] [stable] Swift object-updater and container-updater
Jay S. Bryant
jsbryant at electronicjungle.net
Fri Jan 9 20:22:33 UTC 2015
It is important to understand that Icehouse has gone into a security-
fixes only mode. It is too late in the stable process to be making
notable changes for anything other than security issues.
The patch for the fork-bomb-like problem in object-auditor is in
Icehouse (https://review.openstack.org/#/c/126371/), so we do not need
to worry about that one. The other two problems are not really security
problems as they cause the object-updater and container-updater to throw
an exception and exit. The behavior is irritating but not a security risk.
So, I think the fix that you are really asking to have fixed in
Icehouse has already merged. I will propose the other fixes back to
stable/juno but don't feel they warrant a change in Icehouse.
I hope this clarifies the situation.
On 01/08/2015 09:21 AM, Minwoo Bae wrote:
> Hi, to whom it may concern:
> Jay Bryant and I would like to have the fixes for the Swift
> object-updater (https://review.openstack.org/#/c/125746/) and the
> Swift container-updater
> backported to Juno and then to Icehouse soon if possible. It's been in
> the queue for a while now, so we were wondering if we could have an
> estimated time for delivery?
> Icehouse is in security-only mode, but the container-updater issue may
> potentially be used as a fork-bomb, which presents security concerns.
> To further justify the fix, a problem of a similar nature
> https://review.openstack.org/#/c/126371/ (regarding the object-auditor)
> was successfully fixed in stable/icehouse.
> The object-updater issue may potentially have some security
> implications as well.
> Thank you very much!