Horizon is affected because as long as cinderclient <1.4.0, if the user
is logged in with admin permissions, the user lists all cinderbackup
resources instead of the ones of his own tenant, with the reisk of
tampering with ressources from another tenant/user.
** Also affects: horizon
Horizon is affected because as long as cinderclient <1.4.0, if the user
is logged in with admin permissions, the user lists all cinderbackup
resources instead of the ones of his own tenant, with the reisk of
tampering with ressources from another tenant/user.
** Also affects: horizon
This can be a security issue, because openstack admins may not be aware
that they are seeing other users' cinder backup ressources and can
delete them.
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server
This can be a security issue, because openstack admins may not be aware
that they are seeing other users' cinder backup ressources and can
delete them.
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Thanks a lot Jeremy for the the link and clarification.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder backup-list is always listing all tenants's bug for admin
To manage
Thanks a lot Jeremy for the the link and clarification.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient in Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder backup-list is always listing all tenants's
Indeed, I agree that there is no risk for a "malicious actor" to use this flow.
However there is a confirmed risk that an openstack admin can accidentally
delete backups which he should not delete (and it DID happen, sadly...), when
the admin is asked to launch scripts (ospurge) used to delete
Indeed, I agree that there is no risk for a "malicious actor" to use this flow.
However there is a confirmed risk that an openstack admin can accidentally
delete backups which he should not delete (and it DID happen, sadly...), when
the admin is asked to launch scripts (ospurge) used to delete
Sure, I completely agree with that.
There should be a way to differentiate security issues in terms of
"vulnerability" (which is not the case here) and security issues in
terms of "risks of destroying data" due to a bug (which is the case
here).
--
You received this bug notification because you
Sure, I completely agree with that.
There should be a way to differentiate security issues in terms of
"vulnerability" (which is not the case here) and security issues in
terms of "risks of destroying data" due to a bug (which is the case
here).
--
You received this bug notification because you
There is a potential risk of deleting all volume backups of a production
system with ospurge and python-cinderclient < 1.4.0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder
** Also affects: python-cinderclient (Ubuntu)
Importance: Undecided
Status: New
** Changed in: python-cinderclient (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: python-cinderclient (Ubuntu)
Importance: Undecided
Status: New
** Changed in: python-cinderclient (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient
med
** Changed in: ospurge
Assignee: (unassigned) => Yves-Gwenael Bourhis (yves-gwenael-bourhis)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient in Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
med
** Changed in: ospurge
Assignee: (unassigned) => Yves-Gwenael Bourhis (yves-gwenael-bourhis)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder backup-list is always listi
There is a potential risk of deleting all volume backups of a production
system with ospurge and python-cinderclient < 1.4.0
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient in Ubuntu.
The only work around I found was to configure redshift with manual
location, and to have a script launched buy my window manager (I use
'mate') which automatically configures the location in the
~/.config/redshift.conf file.
Like this:
https://gist.github.com/ygbourhis/53f1ef5c6cb4b70ba910
So
I don't konw if this may help for the ones who will try to fix this,
but:
Since it works in command line, and there are strictly no errors in
dmesg, since the device is properly mounted and writable in CLI, it's
not a low level issue.
Since the issue is not really desktop dependent meaning that
I confirm this in Linux mint quiana with CAJA (mate desktop) and an NTFS
formated USB hard drive.
Now the most weird thing of all is : if I open a terminal anc cd to the mounted
folder, I can write anything from command line, permissions show it's writeable
and I CAN WRITE using CLI. BUT only
I confirm for linux mint, and also with caja (changed the tittle).
The issue is random, and disappears after a reboot...
I know as a developer that random issues are extremely hard to solve as
long as we don't find a way to systematically reproduce it.
** Changed in: linuxmint
Status: New
yves@paradox ~ $ dpkg -l | grep -i libinput
ii libinput-bin 1.10.4-1ubuntu0.18.04.1
amd64input device management and event handling library
- udev quirks
ii libinput-tools 1.10.4-1ubuntu0.18.04.1
For your knowledge, they refused here to fix the issue which was opened 12
years ago:
https://bugs.freedesktop.org/show_bug.cgi?id=11833
** Bug watch added: freedesktop.org Bugzilla #11833
https://bugs.freedesktop.org/show_bug.cgi?id=11833
--
You received this bug notification because you
** Also affects: xserver-xorg-input-libinput (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/602809
Title:
add Mouse Click Debounce Feature?
To
I confirm having the same issue on Ubuntu 20.04:
yves@laptop:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.2 LTS"
yves@laptop:~$ dpkg -l | grep -i hplip
ii hplip 3.20.3+dfsg0-2
24 matches
Mail list logo