[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Martinx - ジェームズ thiagocmartinsc at gmail.com
Fri Dec 27 06:14:00 UTC 2013


Hi Sriram!

I did not filled a bug yet...

1- Yes, plain Havana vanilla install, on top of Ubuntu 12.04.3 + Cloud
Archives. Installed using aptitude / apt-get.

2- "Tenant A" and "Tenant B" have only 1 user each, none of it are admin.
Both users was created by me, using the Dashboard, first, Project A with
User A, later, Project B with User B. In any moment I created a "regular
user" with admin permissions (they have "Member-role" only). I don't think
I created a regular user with "admin" role, instead of "Member", I know
this is a important step...    =)

It would be awesome to chat with you on GTalk or Skype!

I'll fill a bug.

Thank you!

Best,
Thiago


On 24 December 2013 19:24, Sriram Subramanian <sriram at sriramhere.com> wrote:

> Thiago,
>
> Did you get to file a bug? In between, I am reaching out to see some
> anything missing obvious here
>
> 1) Is this plain vanilla install? How did you install?
>
> 2) Who are Tenant A's users and Tenant B's? What kind of roles do they
> have? Are you able to see this from all Tenant A users (including non-admin
> users)
>
> I will be happy to get on Skype or Google chat.
>
> This apart, please file a bug with attachments and details. Let it take
> its course.
>
> thanks,
> _Sriram
>
>
>
>
> On Mon, Dec 23, 2013 at 2:47 PM, Martinx - ジェームズ <
> thiagocmartinsc at gmail.com> wrote:
>
>> Okay! I'll fill a BUG for "nova", and I'll let my system untouched, so,
>> the experts will be able to see the problem alive.
>>
>> I can share passwords, my screen using Google Remote Desktop (Teamviewer
>> or something), tmux ssh consoles, no problem...    =)
>>
>> Hey man! There is nothing to forgive my friend... I appreciate your
>> reply!   ^_^
>>
>> Tks!
>> Thiago
>>
>>
>> On 23 December 2013 20:15, Jay Pipes <jaypipes at gmail.com> wrote:
>>
>>> On 12/23/2013 05:06 PM, Jeffrey Walton wrote:
>>>
>>>> On Mon, Dec 23, 2013 at 4:54 PM, Jay Pipes <jaypipes at gmail.com> wrote:
>>>>
>>>>> On 12/23/2013 04:32 PM, Jeffrey Walton wrote:
>>>>>
>>>>>>
>>>>>>   > This security breach is happening right now here and I
>>>>>>   > don't know what can I do to fix it, or what should I type
>>>>>>   > on a BUG at Launchpad...
>>>>>> Ubuntu has made it all but impossible to file bug reports. Their
>>>>>> circular redirects are worse than a telephone menu system that takes
>>>>>> you
>>>>>> down a bunch of dead-end paths. Unless you have the URL jotted down
>>>>>> in a
>>>>>> notebook....
>>>>>>
>>>>>
>>>>>
>>>>> It's only impossible if you don't read any directions.
>>>>>
>>>>> https://bugs.launchpad.net/nova/+filebug
>>>>>
>>>> Hardly. Start here and try: https://help.ubuntu.com/
>>>> community/ReportingBugs.
>>>>
>>>
>>> Googling for "how to report bug openstack":
>>>
>>> http://docs.openstack.org/trunk/openstack-ops/content/report_bugs.html
>>>
>>> -jay
>>>
>>>
>>> _______________________________________________
>>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
>>> openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
>>> openstack
>>>
>>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
>
> --
> Thanks,
> -Sriram
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131227/e37f32a5/attachment.html>


More information about the Openstack mailing list