Monday, 2014-07-21

*** voodookid has joined #openstack-security 00:01
*** voodookid has quit IRC 00:20
*** tmcpeak has joined #openstack-security 01:34
*** bdpayne has joined #openstack-security 02:44
*** bdpayne has quit IRC 03:19
*** voodookid has joined #openstack-security 04:44
*** voodookid has quit IRC 04:46
*** voodookid has joined #openstack-security 04:48
*** voodookid has quit IRC 04:49
*** voodookid has joined #openstack-security 05:06
*** bdpayne has joined #openstack-security 06:28
*** elo has quit IRC 06:29
*** voodookid has quit IRC 06:42
*** elo has joined #openstack-security 07:11
*** bdpayne has quit IRC 07:20
*** woaizhy has joined #openstack-security 09:17
*** woaizhy has left #openstack-security 09:20
*** elo has quit IRC 11:10
*** elo has joined #openstack-security 12:35
*** voodookid has joined #openstack-security 13:04
*** nkinder has quit IRC 13:16
*** bknudson has joined #openstack-security 13:17
*** elo has quit IRC 13:33
*** gabriela has joined #openstack-security 13:33
*** gabriela has left #openstack-security 13:34
*** elo has joined #openstack-security 13:34
*** paulmo has joined #openstack-security 13:39
*** gabriela has joined #openstack-security 13:42
*** gabriela has left #openstack-security 13:51
*** nkinder has joined #openstack-security 14:10
*** voodookid has quit IRC 14:16
*** voodookid has joined #openstack-security 14:39
*** tmcpeak has joined #openstack-security 14:58
*** malini1 has joined #openstack-security 14:59
<nkinder> tmcpeak: hey 15:00
<nkinder> tmcpeak: I just missed your ping yesterday 15:00
<tmcpeak> nkinder: oh cool 15:01
<nkinder> tmcpeak: you have a tab in your glance patch 15:01
<tmcpeak> nkinder: my checkin failed because of pep8 15:01
<tmcpeak> nkinder: tab? 15:01
<nkinder> tmcpeak: yep, a tab instead of a space 15:01
<nkinder> or 4 spaces to be exact :) 15:02
<tmcpeak> nkinder: oh yeah 15:02
*** openstackgerrit has joined #openstack-security 15:02
<tmcpeak> nkinder: so I'm pretty sure I know how to fix it, and I should have run tests locally (live and learn) 15:02
<nkinder> tmcpeak: line 134 15:02
<tmcpeak> nkinder: this is a gift wrapped opportunity to practice my git chops though 15:02
<tmcpeak> how does this sound 15:02
<tmcpeak> 'git checkout xxx' 15:02
<tmcpeak> fix the file 15:02
<paulmo> If you are using vim, there are some handy settings to help you be more compliant with OpenStack rules (like spaces used instead of tabs and such) 15:02
<tmcpeak> 'git add file' 15:03
<tmcpeak> paulmo: oh vim has some stuff? 15:03
<tmcpeak> 'git commit --amend' 15:03
<tmcpeak> 'git checkout master' 15:03
<tmcpeak> 'git pull' 15:03
<paulmo> tmcpeak: I use these settings in my ~/.vimrc: 15:03
<paulmo> syntax on 15:03
<paulmo> set expandtab 15:03
<paulmo> set tabstop=4 15:03
<paulmo> set shiftwidth=4 15:03
<tmcpeak> 'git checkout xxx' 15:03
<tmcpeak> git rebase (if necessary) 15:04
<tmcpeak> 'git review' 15:04
<tmcpeak> paulmo: sweet! 15:04
<paulmo> Nothing fancy but very useful 15:04
<tmcpeak> paulmo: thanks! 15:04
<nkinder> tmcpeak: sounds like you got it! 15:04
<tmcpeak> nkinder: woohoo! 15:04
<tmcpeak> anybody looking at this guy yet? 15:09
<tmcpeak> nkinder: ok, the dreaded rebase 15:11
<tmcpeak> time to RTFM and see how it goes :) 15:12
<tmcpeak> nkinder: around? 15:15
<tmcpeak> or paulmo: you know your stuff 15:16
<tmcpeak> want to double check my logic? 15:16
<nkinder> tmcpeak: yeah, I'm here 15:16
<tmcpeak> nkinder: ok cool 15:16
<tmcpeak> so master did have some changes, which I got with pull 15:16
<tmcpeak> then checkout xxx 15:16
<tmcpeak> and git rebase master 15:16
<paulmo> Yep, half paying attention 15:16
<tmcpeak> now both branches have all the changes, right? 15:16
<nkinder> tmcpeak: they should. No conflicts were found? 15:17
<tmcpeak> so I can 'git review' in xxx branch 15:17
<tmcpeak> nkinder: nope 15:17
<tmcpeak> nkinder: just wanted to make sure that the git rebase actually pushed both changes to both branches 15:17
<nkinder> tmcpeak: I like to check with 'git status' and 'git log -2' to see if everything is kosher 15:17
<tmcpeak> and not only one way 15:17
<nkinder> tmcpeak: your change will not be on master (which is how you want it) 15:17
<tmcpeak> hmm, 'on branch fix-shell-injection' 'nothing to commit' 15:17
<tmcpeak> nkinder: which I guess makes sense, it was already committed 15:18
<nkinder> yeah, 'git commit --amend' committed it locally 15:18
<tmcpeak> git log -2 shows my change 15:18
<nkinder> git review should push it up for review then 15:19
<tmcpeak> but how can I verify those changes from master made it to this branch? 15:19
<nkinder> tmcpeak: 'git log -2' on master 15:19
<tmcpeak> oh, check the one before in git log -2? 15:19
<nkinder> tmcpeak: then go back to your branch and 'git log -3' should show your patch on top of the latest 2 from master 15:19
<tmcpeak> yeah, I see 15:19
<tmcpeak> nkinder: ok all good, thanks man 15:20
<nkinder> tmcpeak: sure 15:20
<tmcpeak> ok take two! 15:20
<tmcpeak> you guys see this one? 15:21
<tmcpeak> Obfuscation of config options marked as secret needs to be more opaque 15:21
<tmcpeak> seemed like a good security hardening 15:21
<tmcpeak> wonder why they decided not to fix it? 15:21
*** elo has quit IRC 15:25
*** elo has joined #openstack-security 15:27
<tmcpeak> guess they will fix it, just not a vulnerability per se 15:36
<tmcpeak> so in this review in the latest OpenStack security digest, it is mentioning a change in /openstack/common/processutils.py 15:45
<tmcpeak> and one of the parameters here is shell for subprocess, so might be worth looking for calls of this with shell=True in addition to the ones we were already looking at 15:46
<tmcpeak> nkinder: around? 15:52
<tmcpeak> or paulmo 15:53
<tmcpeak> trying to find this strutils.mask_password function and not seeing it 15:53
<paulmo> helpful? 15:54
<tmcpeak> paulmo: yeah, where in the code is that? 15:54
<tmcpeak> I found this 15:54
<tmcpeak> but… the function isn't in there 15:54
<tmcpeak> unless we're overloading the crap out of source names it should be in there, yeah? 15:55
<paulmo> Here it is:
<tmcpeak> paulmo: oh, it's in incubator? you know what the difference is? 15:58
<paulmo> I would guess that it is new code that is trying to make it into core Oslo… but really, I'm not sure how that works exactly. 15:58
<tmcpeak> ahh ok 15:58
<tmcpeak> paulmo: thanks for the help! 15:58
<paulmo> Anytime! :) 15:58
*** gabriela1 has joined #openstack-security 16:13
*** elo has quit IRC 16:14
*** gabriela1 has left #openstack-security 16:20
<tmcpeak> all right, patch went through 16:45
<tmcpeak> if you guys could have a look, would appreciate it 16:45
*** malini1 has quit IRC 17:05
*** nkinder has quit IRC 18:03
*** malini1 has joined #openstack-security 18:04
*** nkinder has joined #openstack-security 18:15
*** ved_lad has joined #openstack-security 18:18
<openstackgerrit> A change was merged to openstack/security-doc: last section in Service Authorization is confusing
*** elo has joined #openstack-security 18:28
*** nkinder has quit IRC 19:37
*** malini1 has quit IRC 19:42
*** paulmo has quit IRC 19:48
*** gabriela1 has joined #openstack-security 19:49
*** malini1 has joined #openstack-security 19:52
*** paulmo has joined #openstack-security 19:53
<gabriela1> kio 19:54
<paulmo> Can we help you gabriela1? 19:57
<gabriela1> can we help you paulumo 20:02
*** gabriela1 has left #openstack-security 20:04
*** tmcpeak has quit IRC 20:05
*** tmcpeak has joined #openstack-security 20:06
*** ved_lad has quit IRC 20:23
*** nkinder has joined #openstack-security 20:30
*** ved_lad has joined #openstack-security 21:03
*** gabriela has joined #openstack-security 21:08
<gabriela> nbhskdg 21:08
*** gabriela has left #openstack-security 21:08
*** tmcpeak has quit IRC 21:11
*** malini1 has quit IRC 21:22
*** voodookid has quit IRC 21:34
*** ved_lad has quit IRC 22:05
*** gmurphy has quit IRC 22:09
*** bknudson has quit IRC 22:20
*** ved_lad has joined #openstack-security 22:27
*** malini1 has joined #openstack-security 22:30
*** malini1 has quit IRC 22:44
*** ved_lad has quit IRC 22:54
*** nkinder has quit IRC 23:01
*** malini1 has joined #openstack-security 23:07
*** gmurphy has joined #openstack-security 23:17
*** tmcpeak has joined #openstack-security 23:27
*** bknudson has joined #openstack-security 23:28
*** tmcpeak1 has joined #openstack-security 23:39
*** sicarie has joined #openstack-security 23:39
*** tmcpeak has quit IRC 23:43
*** tmcpeak1 has quit IRC 23:44
*** sicarie has quit IRC 23:44
*** nkinder has joined #openstack-security 23:54
