Re: [openstack-dev] [stable] Swift object-updater and container-updater

2015-01-09 Thread Jay S. Bryant

Minwoo,

It is important to understand that Icehouse has gone into a security 
fixes only mode.  It is too late in the stable process to be making 
notable changes for anything other than security issues.


The patch for the fork-bomb-like problem in object-auditor is in 
Icehouse:  https://review.openstack.org/#/c/126371/  So, we do not need 
to worry about that one.  The other two problems are not really security 
problems as they cause the object-updater and container-updater to throw 
an exception and exit.  The behavior is irritating but not a security risk.


So, I think the fix that you are really asking to have fixed in 
Icehouse has already merged.  I will propose the other fixes back to 
stable/juno but don't feel they warrant a change in Icehouse.


I hope this clarifies the situation.

Jay

On 01/08/2015 09:21 AM, Minwoo Bae wrote:

Hi, to whom it may concern:


Jay Bryant and I would like to have the fixes for the Swift 
object-updater (https://review.openstack.org/#/c/125746/) and the 
Swift container-updater 
(https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z) 
backported to Juno and then to Icehouse soon if possible. It's been in 
the queue for a while now, so we were wondering if we could have an 
estimated time for delivery?


Icehouse is in security-only mode, but the container-updater issue may 
potentially be used as a fork-bomb, which presents security concerns. 
To further justify the fix, a problem of similar nature 
https://review.openstack.org/#/c/126371/ (regarding the object-auditor) 
was successfully fixed in stable/icehouse.


The object-updater issue may potentially have some security 
implications as well.



Thank you very much!

Minwoo


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



Re: [openstack-dev] [stable] Swift object-updater and container-updater

2015-01-09 Thread Jay S. Bryant

Minwoo,

The cherry-picks for the container-updater and object-updater back to 
stable/juno are now available for review: 
https://review.openstack.org/146211 and https://review.openstack.org/134082


Jay


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev