Thursday, 2016-08-11

<openstackgerrit> Aastha Dixit proposed openstack/syntribos: Implement config loading schema
<openstackgerrit> Charles Neill proposed openstack/syntribos: Fixes a bug in "excluded tests"
<ccneill> unrahul, vinaypotluri, aastha: ping [16:49]
<vinaypotluri> hey ccneill [17:12]
<unrahul> hey ccneill taking it off the grid for now [17:12]
<ccneill> I always forget how to log into Horizon >_< [17:12]
<openstackgerrit> Aastha Dixit proposed openstack/syntribos: Implement config loading schema
<michaelxin> ccneill: mdong: vinaypotluri: How was yesterday's testing? [19:28]
<ccneill> we found a lot of things to work on :) [19:28]
<ccneill> but it went pretty well I think [19:28]
<ccneill> everyone was able to test against the Keystone instance through BURP [19:29]
<mdong> we had some notes on etherpad [19:29]
<ccneill> and we identified some changes we can make to make the tool better [19:29]
<ccneill> bumping up the time_length_diff and percentage_length_diff numbers helped us avoid false positives, but I haven't had a chance to go through and manually verify results yet [19:29]
<ccneill> Jenkins appears to be slacking again... [19:37]
<michaelxin> cool. Thanks. Will take a look. [19:48]
<michaelxin> Did you find anything worth reporting? [19:48]
<ccneill> not really [20:05]
<ccneill> well, except that the server didn't like the string "..%c0%af" [20:05]
<ccneill> not sure why [20:05]
<ccneill> but that popped up in several places [20:06]
<ccneill> (500 errors) [20:06]
<michaelxin> 500 errors might be worth reporting. [21:24]
<unrahul> Hey ccneill found a way to package the data files [22:06]
<unrahul> so the idea is to add it to syntribos dir and modify the setup.py [22:07]
<unrahul> so the tree would be like this [22:07]
<unrahul> and include package_data in setup arguments in setup.py [22:07]
<unrahul> what do u think? [22:08]
<ccneill> worried about this -
<ccneill> not sure if that will be a problem or not [22:10]
<unrahul> yeah.. i didnt really understand that.. [22:10]
<unrahul> is it something related to jenkins..? [22:10]
<unrahul> i can try pushing a patch and see if jenkins raises any concerns.. [22:11]
<ccneill> looks like we can specify them in setup.cfg [22:11]
<unrahul> whoa.. let me try that.. then [22:11]
<unrahul> may the whole reason that the file is setup.cfg is so that we put the config details there. [22:11]
<ccneill> yeah I think so [22:13]
<ccneill> but I haven't dealt with it much [22:13]
<ccneill> or at all for this project [22:13]
<mdong> the data_files config option might be exactly what we want [22:13]
<mdong> speaking of, our setup.cfg contains the line [22:13]
<mdong> author-email = nathan.buckner@rackspace.com [22:13]
<ccneill> noticed that [22:14]
<ccneill> we should change it to OpenStack / OpenStack dev list [22:14]
<mdong> is there a way to get a syntribos email list? [22:14]
<mdong> if for no other reason than to type everyone’s email [22:14]
<unrahul> i think that is in launchpad something [22:14]
<mdong> than to avoid typing everyone’s email* [22:14]
<ccneill> hmm that would be nice [22:15]
<ccneill> found this..
<mdong> should probably subscribe to the openstack mailing list huh [22:17]
<mdong> ah yeah looks like we can request our own list [22:19]
<unrahul> so data_files dont install into site_packages but to a dir outside of it.. depending upon what we provide, like etc/ [22:26]
<unrahul> let me figure out how to install into site_packages using config [22:26]
<mdong> I thought we were talking about having it install to ~/.syntribos folder or something? [22:27]
<ccneill> hmm.. I wonder how we can reference those files if we put them in site packages [22:27]
<unrahul> mdong: .. [22:27]
<unrahul> no.. packaging with syntribos.. itself.. so it will be installed in the site packages.. for all the default tests [22:28]
<unrahul> because we are not sure.. that there will always be a home dir and the package wont create any dirs outside.. ryt [22:28]
<mdong> sorry, just going off the design day notes we had [22:29]
<mdong> day 7, or is that not what we’re talking about? [22:29]
<unrahul> because then conceptually for the user it would just be like another opencafe dir structure.. which we dont want ryt..? [22:29]
<mdong> sure, but site-packages doesn’t really feel like where data files should go [22:31]
<unrahul> the thought was, if syntribos is downloaded by the user from pypi then, it should work out of the box for at least the tests that we are packaging the tool with.. [22:32]
<unrahul> without any further configuration [22:32]
<ccneill> sooo I know I've brought this up before, but why don't we just get rid of the data files... [22:32]
<unrahul> other than the endpoint of the users choice [22:32]
<mdong> but if pip install puts the data files in ~/.config, it’s the same as having it put in site packages [22:32]
<mdong> I don’t have a strong opinion either way but I thought this was the result of the discussion we had? [22:33]
<ccneill> so I think we interpreted it differently [22:34]
<ccneill> but ultimately, we're putting in all this effort for 127 lines [22:35]
<ccneill> for i in $(grep -r "\.txt" syntribos/tests/fuzz/*.py | grep -o "data_key = .*" | awk {'print $3'} | tr -d '"'); do; cat data/$i; done | wc [22:35]
<ccneill> │     127     408    3672 [22:35]
<ccneill> (god I love hacky bash pipelines :D) [22:35]
<ccneill> I didn't want to cat all the files in that dir, just the ones that are currently used by fuzz tests [22:36]
<unrahul> >< , [22:37]
<ccneill> ¯\_(ツ)_/¯ I don't know that there's a good answer to packaging up those files [22:38]
<unrahul> so should we make the re engineer the data files or package it..? [22:38]
<unrahul> like instead of repeating aaa a 1000 times , create the strings dynamically [22:39]
<unrahul> and stuff..? [22:39]
<mdong> well the buffer overflow lines are dynamically generated already [22:39]
<ccneill> we'd just have to include them in the fuzz tests themselves [22:39]
<mdong> so, in the tests themselves, define the payload lines, but include the option to override those with custom data files? [22:40]
<ccneill> that's what I'm thinking [22:40]
<mdong> I’m not sure I like that so much, because it’s less clear on how to provide the data files [22:41]
<ccneill> as I see it, we have a few options, none of which are super appealing [22:42]
<ccneill> 1) use ~/.syntribos, which the user will probably have to create opencafe-style [22:42]
<ccneill> 2) somehow jam them into site-packages, which I'm not sure we'll be able to reference easily (since we can't import them like modules) [22:42]
<ccneill> 3) put them in /etc, which means you need root [22:43]
<mdong> we already have a default config file in ~/.config [22:43]
<ccneill> 4) put them in the files, which means we have to come up with a way for overriding [22:43]
<mdong> or, rather, ~/.syntribos [22:43]
<ccneill> I'm content with the ~/.syntribos approach, but I don't think it's compatible with "out-of-the-box pip install" [22:44]
<ccneill> all pip install will do is follow, which we don't control [22:44]
<ccneill> we could move off PBR and edit directly, but I'm not sure that's the right answer [22:44]
<mdong> actually, are we doing ~/.syntribos or ~/.config/syntribos? cause the codebase has the former, and our design day notes have the other [22:44]
<mdong> but I believe what unrahul was saying was that we could specify where we can install files? [22:45]
<mdong> in the setup.cfg [22:45]
<ccneill> I don't have a strong opinion.. I think both ~/.[project] and ~/.config/[project] are pretty common [22:46]
<ccneill> oslo.config has ~/.[project]/[project].conf by default [22:47]
<ccneill> so rather than making up our own thing, we should probably conform to that for familiarity's sake [22:47]
<mdong> then in that case, since ~/.[project] is already openstack convention, I don’t see why we don’t just keep use it [22:47]
<ccneill> (sorry, I know I'm the one who proposed ~/.config) [22:47]
<mdong> and if setup.cfg can install files to ~/.syntribos folder, then that should be fine, right? [22:48]
<ccneill> hrm.. wonder if there are any projects that we can reference doing this [22:48]
<mdong> so it looks like neutron is installing files to etc/neutron [22:52]
<ccneill> I think most services use /etc [22:53]
<ccneill> trying to find something similar in the various python clients [22:53]
<mdong> so is there a way we can have it install to the virtualenv’s etc folder? [22:54]
<mdong> because surely not all of these projects need root [22:54]
<ccneill> yeah, I think so [22:56]
<mdong> so maybe we install to etc/syntribos? since that also seems to be an openstack convention? [22:57]
<ccneill> yeah it mentions the relative paths thing at the bottom of this [22:58]
<ccneill> Note that this behavior is relative to the effective root of the environment into which the packages are installed, so depending on available permissions this could be the actual system-wide /etc directory or just a top-level etc subdirectory of a virtualenv. [22:58]
<mdong> ah, ok, so installing to etc/syntribos is an option, then [22:59]
<ccneill> looks like /share is another popular one.. [23:00]
<ccneill> maybe just for manpages [23:01]
<mdong> config files seem to all go into etc at least [23:01]
<mdong> speaking of which, all our config files are named .config, whereas its more openstacky to do .conf [23:02]
<ccneill> yeah, but I don't know how happy people will be about dumping our current data dir into /etc/.. [23:02]
<mdong> not sure how it matters [23:02]
<mdong> and our templates, if we’re packaging those as well [23:03]
<ccneill> well, in any case, it doesn't look like anyone is using the $HOME dir to install anything in [23:04]
<ccneill> so etc is probably our best bet.. [23:04]
<unrahul> well all the projects [23:31]
<unrahul> have root access [23:31]
<unrahul> as we are creating users (keystone, nova, etc ) before setting up the projects [23:31]
<unrahul> in our case, there is no need for a user syntribos ryt.. and that wont really work in the gate also ryt..? [23:32]
<unrahul> if we use virtualenv/ then.. it wont work for users who are trying to install it without virtualenv [23:32]
<unrahul> so .. i am confused. :/ [23:32]
<unrahul> either we need to tell the user to download the files(may be a sub command) to the directory then.. [23:33]
<unrahul> w3 fuzzer packages data along with their tests/attacks i guess.. [23:33]