Thursday, 2015-09-24

openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Remove useless tests https://review.openstack.org/223436	00:12
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Add EKU extension validator https://review.openstack.org/223403	00:14
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Add EKU extension validator https://review.openstack.org/223403	00:24
*** d0ugal has quit IRC		00:35
*** d0ugal has joined #openstack-security		00:40
*** d0ugal is now known as Guest65853		00:40
*** edmondsw has quit IRC		00:46
*** sdake has joined #openstack-security		01:03
*** tjt263 has quit IRC		01:45
*** bpokorny has quit IRC		01:57
*** sdake has quit IRC		02:06
*** Canaimera-georg1 has joined #openstack-security		02:20
Canaimera-georg1	;-)	02:21
Canaimera-georg1	:'(	02:23
Canaimera-georg1	=-O	02:27
*** Canaimera-georg1 has left #openstack-security		02:27
*** tjt263 has joined #openstack-security		02:36
*** salv-orl_ has joined #openstack-security		02:59
*** salv-orlando has quit IRC		03:02
*** tkelsey has joined #openstack-security		04:09
*** tkelsey has quit IRC		04:15
*** firebait has joined #openstack-security		04:26
*** thehoffau has joined #openstack-security		04:27
*** firebait has quit IRC		04:27
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Add audit https://review.openstack.org/227108	04:43
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Add audit https://review.openstack.org/227108	04:49
*** sdake has joined #openstack-security		04:54
*** dave-mccowan has quit IRC		05:00
*** thehoffau has quit IRC		05:00
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Add audit https://review.openstack.org/227108	05:00
*** airen has quit IRC		05:24
*** airen has joined #openstack-security		05:25
*** sdake has quit IRC		05:40
*** tmcpeak has joined #openstack-security		06:08
*** markvoelker has quit IRC		06:27
*** Guest65863 has joined #openstack-security		06:45
Guest65863	freeBid is a online auction and ecommerce solution for both private and business sellers a great alternative with zero listing fees. http://www.theluxbay.com sell online free	06:45
*** Guest65863 is now known as luxbay		06:48
*** salv-orl_ has quit IRC		06:55
*** salv-orlando has joined #openstack-security		06:56
*** browne has quit IRC		07:07
*** luxbay has quit IRC		07:10
*** alex_klimov has joined #openstack-security		07:22
*** markvoelker has joined #openstack-security		07:28
*** markvoelker has quit IRC		07:33
*** jamielennox is now known as jamielennox\|away		07:53
*** Guest65853 is now known as d0ugal		08:08
*** d0ugal has quit IRC		08:08
*** d0ugal has joined #openstack-security		08:08
*** tkelsey has joined #openstack-security		08:12
*** jkf has quit IRC		08:14
*** jkf_ has joined #openstack-security		08:15
*** jkf_ is now known as jkf		08:15
*** tmcpeak1 has joined #openstack-security		08:40
*** tmcpeak has quit IRC		08:40
*** Trident has quit IRC		08:57
*** alex_klimov has quit IRC		09:02
openstackgerrit	Merged openstack/bandit: Fixing bug introduced by manager refactor https://review.openstack.org/226832	09:24
*** markvoelker has joined #openstack-security		09:29
openstackgerrit	Merged openstack/bandit: Increasing coverage of try-except-pass to 100% https://review.openstack.org/220742	09:31
openstackgerrit	Merged openstack/bandit: Increasing coverage of try-except-pass to 100% https://review.openstack.org/220742	09:31
*** markvoelker has quit IRC		09:34
*** alex_klimov has joined #openstack-security		09:40
*** salv-orlando has quit IRC		10:40
*** salv-orlando has joined #openstack-security		10:40
*** dave-mccowan has joined #openstack-security		10:57
openstackgerrit	Tim Kelsey proposed openstack/bandit: Adding docs for blacklist_imports test https://review.openstack.org/227233	11:11
*** tmcpeak1 has quit IRC		11:19
*** markvoelker has joined #openstack-security		11:30
*** markvoelker has quit IRC		11:34
tkelsey	thanks elmiko	11:36
openstackgerrit	Tim Kelsey proposed openstack/bandit: Adding docs for blacklist_imports test https://review.openstack.org/227233	11:38
elmiko	np tkelsey, just a small one ;)	11:38
tkelsey	yup :) good spot	11:38
tkelsey	updated	11:38
*** Emo_Girl has joined #openstack-security		12:05
Emo_Girl	la	12:06
Emo_Girl	hola*	12:07
*** Emo_Girl has left #openstack-security		12:07
*** Emo_Girl has joined #openstack-security		12:08
Emo_Girl	hola	12:08
*** Emo_Girl has left #openstack-security		12:09
*** alex_klimov has quit IRC		12:24
*** markvoelker has joined #openstack-security		12:31
*** edmondsw has joined #openstack-security		12:32
*** jamielennox\|away is now known as jamielennox		12:37
*** alex_klimov has joined #openstack-security		12:53
*** alejandrito has joined #openstack-security		13:14
*** jhfeng has joined #openstack-security		14:06
*** dave-mccowan has quit IRC		14:15
*** jamielennox is now known as jamielennox\|away		14:26
openstackgerrit	Michael Xin proposed openstack/security-doc: Adding an OSSN for bug 1456228 - Trusted VM powered on untrusted host https://review.openstack.org/220263	14:35
openstack	bug 1456228 in OpenStack Security Notes "Trusted vm can be powered on untrusted host" [Medium,Confirmed] https://launchpad.net/bugs/1456228 - Assigned to Michael Xin (michael-xin)	14:35
*** dave-mccowan has joined #openstack-security		14:36
*** tjt263 has quit IRC		14:39
*** salv-orlando has quit IRC		14:41
*** salv-orlando has joined #openstack-security		14:41
openstackgerrit	Merged openstack/anchor: Remove useless tests https://review.openstack.org/223436	14:52
openstackgerrit	Merged openstack/anchor: Fix all the doc build paths https://review.openstack.org/220881	14:54
*** jhfeng has quit IRC		14:55
*** browne1 has joined #openstack-security		14:59
*** jhfeng has joined #openstack-security		15:03
*** voodookid has joined #openstack-security		15:04
*** ccneill has joined #openstack-security		15:07
*** dwyde has joined #openstack-security		15:08
*** Windir has quit IRC		15:08
openstackgerrit	Michael Xin proposed openstack/security-doc: Adding an OSSN for bug 1456228 - Trusted VM powered on untrusted host https://review.openstack.org/220263	15:08
openstack	bug 1456228 in OpenStack Security Notes "Trusted vm can be powered on untrusted host" [Medium,Confirmed] https://launchpad.net/bugs/1456228 - Assigned to Michael Xin (michael-xin)	15:08
*** yaya has joined #openstack-security		15:22
*** bpokorny has joined #openstack-security		15:26
*** salv-orlando has quit IRC		15:28
ccneill	hey folks, quick question for you: would anyone consider this bug worthy of CVE? https://bugs.launchpad.net/designate/+bug/1497031	15:40
openstack	Launchpad bug 1497031 in Designate "Authenticated Denial of Service in Blacklists" [High,Fix released] - Assigned to Kiall Mac Innes (kiall)	15:40
elmiko	gmurphy, tristanC ^^	15:41
openstackgerrit	Doug Chivers proposed openstack/security-specs: Added spec for seperating Anchor validation https://review.openstack.org/227384	15:41
elmiko	ccneill: not really sure what qualifies for a CVE, but that seems like you would need to control the server first to create the blacklist. is that accurate?	15:42
ccneill	yep, gotta be an admin	15:42
ccneill	and you have to create a dumb blacklist regex too	15:42
elmiko	right	15:42
elmiko	honestly, i'm not sure about the CVE. it sounds like maybe no, but i don't know the VMT process well enough	15:43
elmiko	hopefully one of them will respond	15:43
elmiko	=)	15:44
*** yaya_ has joined #openstack-security		15:44
gmurphy	designate isn't currently one of the projects that are vulnerability managed (http://governance.openstack.org/reference/tags/vulnerability_managed.html)	15:44
gmurphy	so the vmt process doesn't handle it	15:44
gmurphy	but anyway…	15:44
ccneill	ah, so I should email oss-sec with a cc to mitre maybe?	15:45
gmurphy	is the default configuration vulnerable?	15:45
gmurphy	or do you have to shoot yourself in the foot..	15:45
ccneill	well.. vulnerable in the sense that someone could go in and add a bad blacklist	15:45
ccneill	not vulnerable in the sense that there is a default blacklist that will crash the server	15:45
gmurphy	hmm.. i probably would classify it as C1 under this https://security.openstack.org/vmt-process.html#incident-report-taxonomy	15:46
gmurphy	Not considered a practical vulnerability (but some people might assign a CVE for it)	15:46
*** yaya has quit IRC		15:47
*** yaya_ is now known as yaya		15:47
ccneill	yeah, I'd agree	15:47
gmurphy	so i think definitely a security note..	15:47
gmurphy	maybe not for the cve.. you could ask mitre if you like	15:48
*** jhfeng has quit IRC		15:52
*** gabriela has joined #openstack-security		15:53
ccneill	I'll email oss-sec and cc mitre. what's the process for proposing a new OSSN?	15:53
gmurphy	can add a ossn task to the lp bug.	15:54
gmurphy	then this - https://wiki.openstack.org/wiki/Security/Security_Note_Process	15:54
gabriela	hol<a	15:54
*** jhfeng has joined #openstack-security		15:54
ccneill	gmurphy: how does one add the OSSN task? "Also affects project"?	15:57
gmurphy	yep	15:57
gmurphy	then search for ossn	15:57
gmurphy	or security note	15:57
gmurphy	something like that	15:57
tristanC	ccneill: last time I tried, blacklist update needs admin access right ?	16:01
ccneill	yep	16:01
tristanC	then yes, I agree with gmurphy, this qualify as a C1 type of bug	16:05
ccneill	cool, I just added the "also-affects OSSN"	16:05
ccneill	not sure what has to happen for it to take effect	16:05
*** yaya has quit IRC		16:11
gmurphy	ccneill: https://bugs.launchpad.net/ossn <- it shows up in this list now	16:11
ccneill	aha	16:11
ccneill	nice	16:11
gmurphy	so then people from security group can pick it up and start working on it	16:11
gmurphy	etc.	16:11
ccneill	cool cool	16:13
*** yaya has joined #openstack-security		16:15
*** markvoelker_ has joined #openstack-security		16:21
*** markvoelker has quit IRC		16:24
*** mihero_ has quit IRC		16:24
*** mihero has joined #openstack-security		16:25
*** yaya has quit IRC		16:26
*** gabriela has quit IRC		16:26
*** yaya has joined #openstack-security		16:36
*** yaya has quit IRC		16:39
*** alex_klimov has quit IRC		16:47
*** browne1 has quit IRC		16:49
*** singlethink has joined #openstack-security		16:54
*** bpokorny_ has joined #openstack-security		17:25
*** bpokorny has quit IRC		17:25
*** salv-orlando has joined #openstack-security		17:29
*** sassymaribel has joined #openstack-security		17:34
*** sassymaribel has left #openstack-security		17:35
*** browne has joined #openstack-security		17:40
*** bpokorny_ has quit IRC		17:55
*** bpokorny has joined #openstack-security		17:55
*** ccneill has quit IRC		17:57
*** tkelsey has quit IRC		18:00
*** dwyde has quit IRC		18:02
*** ccneill has joined #openstack-security		18:03
*** bpokorny has quit IRC		18:10
*** bpokorny has joined #openstack-security		18:10
*** salv-orlando has quit IRC		18:15
*** Mn3m0n1k has joined #openstack-security		18:40
*** gabriela2 has joined #openstack-security		18:41
*** gabriela2 has left #openstack-security		18:42
openstackgerrit	Priti Desai proposed openstack/security-doc: Adding Security Checklist https://review.openstack.org/225291	18:46
*** austin987 has quit IRC		18:51
*** gabriela2 has joined #openstack-security		18:52
*** gabriela2 has left #openstack-security		18:54
*** yaya has joined #openstack-security		19:08
*** tjt263 has joined #openstack-security		19:32
*** jhfeng has quit IRC		19:32
*** jhfeng has joined #openstack-security		19:33
*** yaya has quit IRC		19:36
*** Mn3m0n1k has quit IRC		19:45
*** alejandrito has quit IRC		19:53
*** yaya has joined #openstack-security		20:05
*** alex_klimov has joined #openstack-security		20:09
*** salv-orlando has joined #openstack-security		20:19
*** salv-orlando has quit IRC		20:22
*** jhfeng has quit IRC		20:24
*** su_zhang has joined #openstack-security		20:24
*** jhfeng has joined #openstack-security		20:31
*** salv-orlando has joined #openstack-security		20:35
*** salv-orlando has quit IRC		20:35
*** yaya_ has joined #openstack-security		20:36
*** salv-orlando has joined #openstack-security		20:36
*** yaya has quit IRC		20:37
*** yaya_ is now known as yaya		20:37
*** yaya has quit IRC		20:46
*** yaya has joined #openstack-security		20:48
*** timkennedy has quit IRC		20:48
*** dave-mccowan has quit IRC		20:58
*** edmondsw has quit IRC		21:02
*** gabriela has joined #openstack-security		21:33
*** gabriela has left #openstack-security		21:33
*** alejandrito has joined #openstack-security		21:41
*** gabriela has joined #openstack-security		21:46
*** gabriela has left #openstack-security		21:46
*** yaya has quit IRC		21:56
*** jhfeng has quit IRC		22:03
*** austin987 has joined #openstack-security		22:24
*** tjt263 has quit IRC		22:31
*** su_zhang has quit IRC		22:37
*** dave-mccowan has joined #openstack-security		22:47
*** singlethink has quit IRC		22:53
*** voodookid has quit IRC		23:02
*** alejandrito has quit IRC		23:03
*** alex_klimov has quit IRC		23:04
*** markvoelker_ has quit IRC		23:04
openstackgerrit	Stanislaw Pitucha proposed openstack/anchor: Don't accept unknown extensions https://review.openstack.org/222970	23:07
*** ccneill has quit IRC		23:34
*** agireud has quit IRC		23:42
*** evandown has quit IRC		23:55
*** evandown has joined #openstack-security		23:55
*** jamielennox\|away is now known as jamielennox		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!