** Changed in: neutron/grizzly
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1190675
Title:
Grizzly quantum rootwrapper imports quantum code
Status in OpenStack Neutron (virtual network service):
Won't Fix
Status in neutron grizzly series:
Fix Released
Bug description:
https://review.openstack.org/#/c/13536/
introduced loading of quantum.utils into rootwrap, which is both slow
(as it loads a lot of other modules that nobody needs) and a potential
security issue due to the amount of code being run as root. While I
don't know of a way to exploit this I think it is a potential risk.
I suggest this part to be reverted for the quantum rootwrapper.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1190675/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
