[Openstack-security] [Bug 1499555] Re: You can crash keystone or make the DB very slow by assigning many roles

Dolph Mathews 1499555 at bugs.launchpad.net
Fri Sep 25 16:08:04 UTC 2015 

How does the crash come about? Reading a truncated JSON object back from
the DB, for example?

** Tags added: security

** Information type changed from Public to Public Security

** Changed in: keystone
   Importance: Undecided => Wishlist

** Changed in: keystone
   Importance: Wishlist => Medium

** Changed in: keystone
       Status: New => Triaged

** Tags added: perfr

** Tags removed: perfr
** Tags added: performance

** Tags added: pki

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1499555

Title:
  You can crash keystone or make the DB very slow by assigning many
  roles

Status in Keystone:
  Triaged

Bug description:
  This is applicable for UUID and PKI tokens.

  Token table has extra column where we store role information.  It is a
  blob with 64K limit. Basically we can do the following to fill the
  BLOB

     Say user is U, and Project is P
     for i =1  to  1000 ( or any large number)
          role x = create role i  with some large name
          assign role x for user U and Project P
         create a project scoped token for user U

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1499555/+subscriptions

More information about the Openstack-security mailing list