Friday, 2016-09-16

[00:11] <openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding unittests for glance client  https://review.openstack.org/371224
[00:16] <openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding unittest for neutron client extension  https://review.openstack.org/371219
[00:34] *** markvoelker has joined #openstack-security
[00:35] *** tmcpeak has joined #openstack-security
[00:53] *** austin987 has joined #openstack-security
[01:00] *** jass93 has joined #openstack-security
[01:14] *** browne has quit IRC
[01:41] *** salv-orl_ has joined #openstack-security
[01:43] *** salv-orlando has quit IRC
[01:47] *** tkelsey has joined #openstack-security
[01:51] *** tkelsey has quit IRC
[02:04] *** diazjf has joined #openstack-security
[02:07] *** jass93 has quit IRC
[02:21] *** knangia has quit IRC
[02:27] *** catintheroof has joined #openstack-security
[02:28] *** jass93 has joined #openstack-security
[02:30] <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/371222
[02:32] *** jass93 has quit IRC
[02:33] *** jass93 has joined #openstack-security
[02:47] *** yuanying has quit IRC
[02:53] *** browne has joined #openstack-security
[02:59] *** tmcpeak has quit IRC
[03:01] *** sdake_ has quit IRC
[03:02] *** vinaypotluri has quit IRC
[03:12] *** browne has quit IRC
[03:18] *** vinaypotluri has joined #openstack-security
[04:08] *** dave-mccowan has quit IRC
[04:12] *** austin987 has quit IRC
[04:13] *** yuanying has joined #openstack-security
[04:17] *** diazjf has quit IRC
[04:24] *** austin987 has joined #openstack-security
[04:28] *** markvoelker has quit IRC
[04:37] *** rcernin has quit IRC
[04:49] *** tkelsey has joined #openstack-security
[04:53] *** tkelsey has quit IRC
[05:12] *** austin987 has quit IRC
[05:20] *** woodster_ has quit IRC
[05:28] *** markvoelker has joined #openstack-security
[05:33] *** markvoelker has quit IRC
[05:43] *** rcernin has joined #openstack-security
[06:13] *** austin987 has joined #openstack-security
[06:14] *** rcernin has quit IRC
[06:19] *** rcernin has joined #openstack-security
[06:23] *** pcaruana has joined #openstack-security
[06:42] *** vinaypotluri has quit IRC
[06:48] *** salv-orl_ has quit IRC
[06:48] *** salv-orlando has joined #openstack-security
[06:51] *** tkelsey has joined #openstack-security
[06:55] *** tkelsey has quit IRC
[07:04] *** shohel has joined #openstack-security
[07:19] *** julian1 has quit IRC
[07:20] *** lhinds has quit IRC
[07:20] *** lhinds has joined #openstack-security
[07:20] *** julian1 has joined #openstack-security
[07:29] *** markvoelker has joined #openstack-security
[07:34] *** markvoelker has quit IRC
[08:01] *** tkelsey has joined #openstack-security
[08:03] *** openstackgerrit has quit IRC
[08:04] *** openstackgerrit has joined #openstack-security
[08:27] *** salv-orl_ has joined #openstack-security
[08:31] *** salv-orlando has quit IRC
[08:43] *** gszafranski has joined #openstack-security
[08:44] *** gszafranski has quit IRC
[08:45] *** gszafranski has joined #openstack-security
[09:43] *** tkelsey has quit IRC
[10:15] <openstackgerrit> Emma Foley proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/371222
[10:22] <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/371222
[10:36] *** shohel1 has joined #openstack-security
[10:36] *** shohel1 has quit IRC
[10:37] *** shohel has quit IRC
[10:37] <openstackgerrit> Andreas Jaeger proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/371222
[10:41] *** shohel has joined #openstack-security
[10:42] *** sdake has joined #openstack-security
[10:43] <openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/371222
[11:31] *** markvoelker has joined #openstack-security
[11:35] *** markvoelker has quit IRC
[11:39] *** catintheroof has quit IRC
[12:07] *** shohel has quit IRC
[12:07] *** shohel1 has joined #openstack-security
[12:11] *** shohel1 has quit IRC
[12:17] <openstackgerrit> Doug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/357978
[12:25] *** shohel has joined #openstack-security
[12:26] *** markvoelker has joined #openstack-security
[12:27] *** catintheroof has joined #openstack-security
[12:32] *** edmondsw has joined #openstack-security
[12:51] *** _elmiko is now known as elmiko
[13:00] *** sdake_ has joined #openstack-security
[13:03] *** sdake has quit IRC
[13:07] *** dave-mccowan has joined #openstack-security
[13:11] *** ayoung_ has joined #openstack-security
[13:49] *** shohel has quit IRC
[13:52] *** sdake_ has quit IRC
[14:15] *** tmcpeak has joined #openstack-security
[14:23] *** salv-orl_ has quit IRC
[14:24] *** salv-orlando has joined #openstack-security
[14:26] *** knangia has joined #openstack-security
[14:29] *** mvaldes has joined #openstack-security
[14:56] *** woodburn has quit IRC
[15:06] *** woodburn has joined #openstack-security
[15:13] *** diazjf has joined #openstack-security
[15:14] *** sdake has joined #openstack-security
[15:15] *** rcernin has quit IRC
[15:16] *** diazjf has quit IRC
[15:18] *** sdake_ has joined #openstack-security
[15:20] *** sdake has quit IRC
[15:26] *** vinaypotluri has joined #openstack-security
[16:07] *** mdong has joined #openstack-security
[16:12] *** jass93 has quit IRC
[16:36] *** ccneill has joined #openstack-security
[16:43] *** browne has joined #openstack-security
[16:48] <openstackgerrit> Merged openstack/syntribos: Minor modifications to the neutron templates  https://review.openstack.org/371023
[16:48] *** gfhellma has joined #openstack-security
[16:49] *** agireud has quit IRC
[16:51] *** diazjf has joined #openstack-security
[16:51] *** agireud has joined #openstack-security
[16:56] *** mwturvey has quit IRC
[16:59] *** jass93 has joined #openstack-security
[17:04] *** mvaldes has quit IRC
[17:06] *** mvaldes has joined #openstack-security
[17:13] *** capnoday has joined #openstack-security
[17:18] *** sdake_ has quit IRC
[17:36] *** diazjf has quit IRC
[18:08] <unrahul> hey ccneill
[18:08] <unrahul> u there?
[18:08] <ccneill> yep
[18:08] <ccneill> what's up?
[18:09] <unrahul> So, I ran bandit against glance and got a few ElementTree to parse untrusted XML data issues..
[18:09] <ccneill> nice, that's definitely worth looking into
[18:09] <ccneill> need to figure out if they're remotely exploitable or if they would require file-system access
[18:10] <unrahul> what do u think of this scenario https://github.com/openstack/glance/blob/master/glance/async/flows/ovf_process.py
[18:10] <unrahul> can't the ovf file be anything ... like the user can give pretty much anything.. ryt..? do u see this as a possible attack surface?
[18:10] <mdong> we haven’t run bandit against these projects yet have we?
[18:10] <unrahul> nop
[18:10] <mdong> might be a good place to use it
[18:11] <ccneill> yep, definitely worth a try
[18:12] *** dave-mcc_ has joined #openstack-security
[18:12] <unrahul> I am not sure how to set it up and give it a try.. let me see .. do you guys have any pointers on this?
[18:13] <unrahul> ccneill: mdong ^
[18:13] <ccneill> how to set up bandit?
[18:13] <mdong> I actually haven’t run it in a while, but I believe that it has some really good documentation
[18:13] <mdong> https://github.com/openstack/bandit
[18:13] <ccneill> yeah, I haven't used it for a little while myself
[18:14] <unrahul> nop.. i have run bandit.. it was pretty straightforward
[18:15] <unrahul> I wanted to set up the ovf thing and use a vulnerable xml ..
[18:16] *** dave-mccowan has quit IRC
[18:16] <ccneill> ah
[18:16] <ccneill> that I'm not sure about
[18:17] <mdong> me neither, it could be interesting to look into though, I know the etree package is susceptible to billion laughs
[18:17] <unrahul> whoa neat.. got a doc to how to set up the ovf import. https://wiki.openstack.org/wiki/Enhanced-Platform-Awareness-OVF-Meta-Data-Import
[18:17] <unrahul> let me try this out will let u guys know.
[18:19] <ccneill> :thumbsup:
[18:19] <ccneill> :)
[18:34] *** gfhellma has quit IRC
[18:51] <openstackgerrit> Doug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/357978
[18:52] <openstackgerrit> Doug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/357978
[19:26] *** gfhellma has joined #openstack-security
[19:26] *** diazjf has joined #openstack-security
[19:27] *** diazjf has quit IRC
[19:37] *** diazjf has joined #openstack-security
[19:41] *** salv-orl_ has joined #openstack-security
[19:43] *** salv-orlando has quit IRC
[19:48] *** diazjf has quit IRC
[19:59] *** sdake has joined #openstack-security
[20:11] *** dave-mcc_ has quit IRC
[20:11] *** diazjf has joined #openstack-security
[20:16] *** gfhellma has quit IRC
[20:24] *** diazjf has quit IRC
[20:31] *** woodburn has left #openstack-security
[20:33] *** dave-mccowan has joined #openstack-security
[20:34] *** diazjf has joined #openstack-security
[20:35] *** mdong has quit IRC
[20:35] *** mdong has joined #openstack-security
[20:37] *** sdake has quit IRC
[20:38] *** dave-mccowan has quit IRC
[20:41] *** mdong has quit IRC
[20:42] *** mdong has joined #openstack-security
[20:45] *** jass93 has quit IRC
[20:51] *** edmondsw has quit IRC
[20:52] <openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding unittests for glance client  https://review.openstack.org/371224
[20:55] *** sdake has joined #openstack-security
[21:00] *** jass93 has joined #openstack-security
[21:04] <openstackgerrit> Doug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/357978
[21:06] *** mvaldes1 has joined #openstack-security
[21:09] *** mvaldes has quit IRC
[21:10] *** capnoday has quit IRC
[21:16] *** diazjf has quit IRC
[21:20] *** sdake has quit IRC
[21:21] *** sdake has joined #openstack-security
[21:22] *** salv-orl_ has quit IRC
[21:22] *** salv-orlando has joined #openstack-security
[21:25] *** sdake has quit IRC
[21:37] <openstackgerrit> Merged openstack/syntribos: Adding unittest for neutron client extension  https://review.openstack.org/371219
[21:57] *** mvaldes1 has quit IRC
[22:00] *** jass93 has quit IRC
[22:09] *** elmiko is now known as _elmiko
[22:10] *** gszafranski has quit IRC
[22:19] *** jass93 has joined #openstack-security
[22:24] *** mdong has quit IRC
[22:24] *** ayoung_ has quit IRC
[22:31] *** catintheroof has quit IRC
[22:32] *** mdong has joined #openstack-security
[22:34] *** markvoelker has quit IRC
[23:22] *** mdong has quit IRC
