magnum/magnum
Johannes Grassler 8a9e4089aa Fix CVE-2016-7404
This commit is a bare-bones stable/mitaka backport of the fix for
CVE-2016-7404. It only retains

* Permissions for /etc/sysconfig/heat-params inside Magnum
  created instances are tightened to 0600 (used to be 0755).

from the original patch. This was done for two reasons:

* Since stable/mitaka only passes tokens (which expire eventually)
  an attacker would have to gain access to the instance within
  a very short time window (the token expiration time).

* Backporting the remaining changes would have required
  backporting the trusts infrastructure that was only
  completed in stable/newton. This would mean a considerable
  change in the stable/mitaka default behaviour.

Please note that this change does not apply to existing
clusters. They will have to be deleted and rebuilt to benefit
from these changes.

(cherry picked from commit 0bb0d6486d)

Change-Id: I329d29cdcce2225f8aa5b57852e6a37d4f8aaa3e
2017-02-26 14:46:03 +00:00
..
api Bay name must start with alphabets only 2016-07-30 17:46:44 +02:00
cmd Fix config parser error magnum-template-manage list-templates 2016-03-17 13:56:15 +08:00
common Allow passing a "insecure" flag in trusts 2016-07-28 20:38:01 -07:00
conductor Merge "Cleanup dict usage in bay_conductor" 2016-03-17 20:56:42 +00:00
db Remove unused attribute "ssh_authorized_key" 2016-02-28 15:33:56 -05:00
hacking WSGI enfore fails should return 403 instead of 500 2016-01-04 16:36:30 -05:00
locale Imported Translations from Zanata 2016-01-18 06:03:23 +00:00
objects Use obj_attr_is_set to check whether an attr is set in oslo_versionedobject 2016-03-01 23:20:19 +08:00
public/css Incorporate feedback from the Initial commit review 2014-11-18 14:25:08 +00:00
service Replace string format arguments with function parameters 2016-02-20 23:39:33 +08:00
servicegroup Cleanup MagnumService Object usage 2016-01-29 15:39:28 +08:00
templates Fix CVE-2016-7404 2017-02-26 14:46:03 +00:00
tests Fix gate: caused by tempest(removal of "service" param) 2017-02-25 12:08:32 -05:00
MANIFEST.in Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
__init__.py Initial commit from github (squashed) 2014-11-18 09:23:37 -05:00
i18n.py Setup for translation 2015-05-24 03:13:55 +00:00
opts.py Merge "Load wsgi app(api) with paste.deploy" 2016-03-09 17:36:46 +00:00
version.py Remove coding:utf-8 2015-08-03 23:28:22 +08:00