Thursday, 2015-06-18

<Daviey> Hi, would someone mind giving another review to this anchor change? https://review.openstack.org/#/c/191899/ 14:32
<Daviey> I'm not sure i agree with the current review, and would like another take on it. Ta 14:32
<tmcpeak> Daviey: I've asked one of the other guys to take a look 14:56
<d-9> Daviey I'm just taking a look now :) 14:58
<Daviey> ta 14:59
<Daviey> (if you agree with Stanislaw, i'll happily do the change) 15:00
<d-9> Daviey hate to say it, but I'm with stan on this one, we've already had massive issues with people deploying Anchor, because PKI Is Hard, and Weird PKI Is Harder, so we need the debug output to be as explicit as possible to the operators 15:05
<d-9> this is something that generally needs fixing across the board tbh, but it's a good spot by stan 15:06
<Daviey> d-9: No, it is fair enough. Happy to change it. 15:06
<d-9> nice one, thanks for contributing 15:08
<d-9> I'll add a comment to the review on this subject 15:08
<Daviey> d-9: So you think if there is a lack of CN, it should be a validation error. If we fail to read the CN, we throw a 500? 15:11
<d-9> yeah i think that should be a validation error 15:12
<Daviey> d-9: Is it by design that we don't return the contents of the ValidationError back to the user? 15:12
<d-9> yes that is the intention 15:15
<d-9> the validation errors should go to a log stream viewable by the system administrator (ideally via their SIEM), we don't want to pass the error back to the requestor, as that would help an attacker enumerate the validator ruleset 15:16
<d-9> I say 'requestor' because it's generally likely to be a script on a server rather than a user that is requesting the cert 15:17
<openstackgerrit> Dave Walker proposed stackforge/anchor: Handle omission of CN on CSR https://review.openstack.org/191899 15:31
<Daviey> d-9: Yeah, i assumed as much.. but wanted to check. Thanks 15:32
<d-9> that probably should be documented somewhere 15:33
<d-9> at the moment it's mostly in the heads of the cores 15:33
<Daviey> d-9: Making there should be a general project posture section in Readme? 15:41
<d-9> yeh that would be a good move 15:42
<Daviey> That was real engrish right there. 15:47
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Creating dashboard case studies https://review.openstack.org/192896 15:58
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Creating dashboard case studies https://review.openstack.org/192896 16:01
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Creating dashboard case studies https://review.openstack.org/192896 16:08
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Creating dashboard case studies https://review.openstack.org/192896 16:51
<openstackgerrit> Travis McPeak proposed stackforge/bandit: Adding paramiko.exec_command check to blacklist functions https://review.openstack.org/192920 17:30
<browne> on bandit, i think we need a better way to handle bandit.yaml 17:41
<browne> whenever there is a change to bandit.yaml, that change also needs to be incorporated in any project using it since they have their own copy 17:42
<bknudson> figured out the reason for the bandit failures in keystoneclient -- we've got a feature branch that doesn't include the commit. 17:42
<tmcpeak> browne: yeah, I was thinking that too 17:43
<tmcpeak> bknudson: ahh, makes sense 17:44
<browne> tmcpeak: maybe just a matter of moving the profiles out of bandit.yaml, which projects usually customize most. And then the default bandit.yaml is installed by bandit into /etc or something 17:45
<tmcpeak> browne: yeah, maybe load bandit.yaml first, and then load the project's config so any settings are overridden? 17:47
<browne> yeah, that would be good, but how would a project disable settings from the master bandit.yaml 17:48
<tmcpeak> hmm, yeah good point. It would be easy to add settings but not remove them :\ 17:48
<sigmavirus24> Yeah sorry for the slowdown tmcpeak et al. 17:52
<tmcpeak> browne: you're right, invoke_shell is also vulnerable 17:53
<tmcpeak> I'll add that as well 17:53
<sigmavirus24> Free time has been limited for some personal reasons and also because I've started working on pyca/cryptography 17:53
<tmcpeak> my PoC was messed up because I didn't send newline 17:53
<sigmavirus24> (Also because I work on lots of other projects in my free time too) 17:53
<tmcpeak> sigmavirus24: a man with many projects :) 17:53
<elmiko> sigmavirus24: ooh, neat! 17:53
<sigmavirus24> I've hated openssl for a while now 17:53
<sigmavirus24> So I figured, why not work some more with it =P 17:53
<elmiko> lol 17:54
<sigmavirus24> y'all need to tell elmiko to stop laughing at my terrible jokes 17:55
<sigmavirus24> =P 17:55
<sigmavirus24> brb 17:55
<elmiko> sorry, i'm a sucker for terrible jokes ;) 17:56
<openstackgerrit> Travis McPeak proposed stackforge/bandit: Adding paramiko.exec_command check to blacklist functions https://review.openstack.org/192920 17:57
<openstackgerrit> Travis McPeak proposed stackforge/bandit: Adding paramiko injections check to blacklist functions https://review.openstack.org/192920 20:46