Tuesday, 2016-08-16

*** markvoelker has joined #openstack-security 00:00
*** tkelsey has joined #openstack-security 00:00
*** ninag has joined #openstack-security 00:01
*** ninag has quit IRC 00:01
*** tkelsey has quit IRC 00:05
*** knangia has quit IRC 00:11
*** elmiko is now known as _elmiko 00:22
*** jamielennox is now known as jamielennox|away 00:48
*** jamielennox|away is now known as jamielennox 00:49
*** zhihui has joined #openstack-security 01:37
*** elo has quit IRC 01:45
*** vinaypotluri has quit IRC 01:51
*** tkelsey has joined #openstack-security 02:02
*** tkelsey has quit IRC 02:06
*** jamielennox is now known as jamielennox|away 02:07
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Detect binary output file (txt/html) https://review.openstack.org/355305 02:09
*** elo has joined #openstack-security 02:22
<openstackgerrit> zhangyanxian proposed openstack/syntribos: Another patch to fix the typo https://review.openstack.org/355696 02:23
<openstackgerrit> zhangyanxian proposed openstack/syntribos: Another patch to fix the typo https://review.openstack.org/355696 02:24
*** jamielennox|away is now known as jamielennox 02:26
*** vinaypotluri has joined #openstack-security 02:42
*** yuanying has quit IRC 02:49
*** elo has quit IRC 02:51
*** yuanying has joined #openstack-security 02:52
*** elo has joined #openstack-security 02:57
*** elo has quit IRC 03:12
*** elo has joined #openstack-security 03:17
*** yuanying has quit IRC 03:48
*** yuanying has joined #openstack-security 03:51
*** elo has quit IRC 05:04
*** zhihui has quit IRC 05:10
*** lala has joined #openstack-security 05:12
*** lala is now known as Guest23445 05:12
<Guest23445> hello 05:17
*** Guest23445 is now known as zh 05:17
*** zh is now known as zhh 05:19
*** markvoelker has quit IRC 05:58
*** tkelsey has joined #openstack-security 06:05
*** tkelsey has quit IRC 06:09
*** rcernin has joined #openstack-security 06:14
*** elo has joined #openstack-security 06:16
*** elo has quit IRC 06:27
*** elo has joined #openstack-security 06:27
*** murphy_zhao has joined #openstack-security 06:33
*** zhh has quit IRC 06:40
*** zhh has joined #openstack-security 06:40
*** markvoelker has joined #openstack-security 06:51
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Zanata https://review.openstack.org/355748 06:51
*** liverpooler has joined #openstack-security 06:53
*** tkelsey has joined #openstack-security 06:54
<openstackgerrit> Merged openstack/security-doc: Imported Translations from Zanata https://review.openstack.org/355748 07:01
*** lhinds|out is now known as lhinds 07:34
*** liverpooler has quit IRC 07:35
*** liverpooler has joined #openstack-security 07:37
<openstackgerrit> Stanislaw Pitucha proposed openstack/bandit: Fix blacklist filtering https://review.openstack.org/355772 08:00
*** markvoelker has quit IRC 08:01
*** dikonoor has joined #openstack-security 08:35
*** tkelsey has quit IRC 08:39
*** markvoelker has joined #openstack-security 09:02
*** markvoelker has quit IRC 09:07
*** vinaypotluri has quit IRC 09:11
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/355811 09:25
*** nkinder has quit IRC 09:44
*** markvoelker has joined #openstack-security 10:03
*** markvoelker has quit IRC 10:08
*** nkinder has joined #openstack-security 10:13
*** dikonoor has quit IRC 10:20
*** v12aml has left #openstack-security 10:28
*** aastha has quit IRC 10:37
*** dikonoor has joined #openstack-security 10:44
*** v12aml has joined #openstack-security 10:46
*** dikonoor has quit IRC 10:47
*** dikonoor has joined #openstack-security 10:47
*** dikonoor has quit IRC 10:50
*** markvoelker has joined #openstack-security 11:04
*** jass93 has quit IRC 11:08
*** markvoelker has quit IRC 11:08
*** dikonoor has joined #openstack-security 11:23
*** sdake has joined #openstack-security 11:36
*** markvoelker has joined #openstack-security 12:05
*** sigmavirus|away is now known as sigmavirus 12:05
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/355811 12:07
*** markvoelker has quit IRC 12:09
*** markvoelker has joined #openstack-security 12:26
*** zhh has quit IRC 12:37
*** _elmiko is now known as elmiko 12:57
*** edmondsw has joined #openstack-security 13:11
*** catintheroof has joined #openstack-security 13:36
*** singlethink has joined #openstack-security 13:39
*** catintheroof has quit IRC 13:43
*** liverpooler has quit IRC 14:14
*** diazjf has joined #openstack-security 14:19
*** edtubill has joined #openstack-security 14:19
*** edtubill has quit IRC 14:23
*** edtubill has joined #openstack-security 14:31
*** mvaldes has joined #openstack-security 14:47
*** woodburn has joined #openstack-security 14:52
*** vinaypotluri has joined #openstack-security 14:56
*** hockeynut has joined #openstack-security 15:10
*** dikonoor has quit IRC 15:11
*** hockeynu_ has joined #openstack-security 15:15
*** hockeynut has quit IRC 15:18
*** edtubill has quit IRC 15:38
*** rcernin has quit IRC 15:46
<openstackgerrit> Doug Chivers proposed openstack/security-analysis: Designate third-party security review artifacts https://review.openstack.org/356025 15:48
*** edtubill has joined #openstack-security 16:04
*** knangia has joined #openstack-security 16:07
*** sdake has quit IRC 16:09
*** hockeynu_ has quit IRC 16:10
*** ccneill has joined #openstack-security 16:15
<unrahul> ccneill: https://gist.github.com/rahulunair/7dfff7187a70c5e05eb1a19135ce0584 mitm logs.. 16:17
*** mdong has joined #openstack-security 16:34
*** hockeynut has joined #openstack-security 16:40
<openstackgerrit> Merged openstack/syntribos: Another patch to fix the typo https://review.openstack.org/355696 16:43
<ccneill> unrahul: weird.. when I set up mitmproxy to use burp as an upstream proxy, it works.. o_O 16:49
<ccneill> very strange 16:49
<unrahul> :o 16:54
<unrahul> Maybe it is running now 16:54
<unrahul> I have kept it to run 16:54
<unrahul> Hope our server doesn't crash 16:54
*** diazjf has quit IRC 16:58
*** mdong has quit IRC 17:00
*** edtubill has quit IRC 17:00
*** hockeynut has quit IRC 17:03
<ccneill> for anyone who needs to rename templates from .txt->.template 17:12
<ccneill> for i in *.txt; do name=$(echo -n "$i" | sed 's#\.txt$#.template#'); mv -- "$i" "$name"; done 17:12
<ccneill> :D 17:12
<ccneill> brb lunch 17:12
*** mvaldes has quit IRC 17:21
*** cleong has joined #openstack-security 17:30
*** crushing_kit has joined #openstack-security 17:36
*** crushing_kit has left #openstack-security 17:37
*** ccneill has quit IRC 17:47
*** sdake has joined #openstack-security 17:55
*** ccneill has joined #openstack-security 17:56
*** mdong has joined #openstack-security 17:56
<unrahul> .. script-fu for today  :D 17:58
*** rcernin has joined #openstack-security 18:01
*** mvaldes has joined #openstack-security 18:14
*** aastha has joined #openstack-security 18:20
<openstackgerrit> Vinay Potluri proposed openstack/syntribos: Overwriting config options from CLI https://review.openstack.org/353039 18:38
*** edtubill has joined #openstack-security 19:02
*** edtubill has quit IRC 19:04
*** diazjf has joined #openstack-security 19:05
*** mdong has quit IRC 19:06
*** edtubill has joined #openstack-security 19:13
*** sdake_ has joined #openstack-security 19:14
*** sdake has quit IRC 19:14
*** sdake_ has quit IRC 19:15
*** sdake has joined #openstack-security 19:16
*** edtubill has quit IRC 19:18
*** edtubill has joined #openstack-security 19:27
*** edtubill has quit IRC 19:28
*** edtubill has joined #openstack-security 19:30
<mvaldes> s/mv/cp 19:41
<mvaldes> ;) 19:41
<mvaldes> just in case 19:41
*** diazjf has quit IRC 19:45
<vinaypotluri> http://www.qqpr.com/ascii/img/ascii-1084.gif 19:45
*** diazjf has joined #openstack-security 19:47
<vinaypotluri> http://3.bp.blogspot.com/-6OcthzzapiA/VmR_6SBJ-DI/AAAAAAAACcs/5eW33UdzGbU/w1200-h630-p-nu/ASCII-Scrapper-Mr-Bean.jpg 19:47
<openstackgerrit> Doug Chivers proposed openstack/security-analysis: Designate third-party security review artifacts https://review.openstack.org/356025 19:47
*** hockeynut has joined #openstack-security 19:48
<vinaypotluri> http://nyancat.dakko.us/nyancat-new-fallback.png 19:52
*** hockeynut has quit IRC 19:53
<openstackgerrit> Doug Chivers proposed openstack/security-analysis: Designate third-party security review artifacts https://review.openstack.org/356025 19:54
*** hockeynut has joined #openstack-security 19:54
*** diazjf1 has joined #openstack-security 20:00
*** diazjf has quit IRC 20:04
*** edtubill has quit IRC 20:07
*** mdong has joined #openstack-security 20:14
*** diazjf1 has quit IRC 20:19
*** B_Smith has quit IRC 20:19
<hyakuhei> elmiko lhinds nkinder can you take a look at https://review.openstack.org/356025 please? 20:21
*** diazjf has joined #openstack-security 20:29
*** B_Smith has joined #openstack-security 20:32
*** diazjf has quit IRC 20:37
<elmiko> hyakuhei: will do 20:37
<hyakuhei> Cheers. 20:37
<elmiko> likewise =) 20:37
<hyakuhei> It's not in the format that we'll do our own reviews in in terms of the diagrams 20:38
<elmiko> ack 20:39
*** cleong has quit IRC 20:49
*** diazjf has joined #openstack-security 20:49
*** edtubill has joined #openstack-security 20:52
<openstackgerrit> Doug Chivers proposed openstack/security-analysis: Adding templates for security review artifacts https://review.openstack.org/356130 20:55
<vinaypotluri> ccneill: do you think i should look into something ?  I'm just going through other CRs for now 20:57
<ccneill> hmm.. maybe create some of the templates for barbican so that we're able to test it with Syntribos tomorrow? http://docs.openstack.org/developer/barbican/api/ 21:00
<ccneill> or reviewing any findings from our testing on keystone, looking at the code to try and figure out where we were getting those 500 issues? 21:01
<ccneill> I don't think we want to launch into anything too big today since we'll be at the midcycle for the rest of the week 21:01
<ccneill> reviewing open CRs would be good too 21:02
<dstanek> ccneill: 500s? 21:02
<ccneill> dstanek: we found that one particular string, "..%c0%af" 21:02
<ccneill> dstanek: we found that one particular string, "..%c0%af", when inserted in certain places caused a few 500 errors 21:03
<ccneill> sorry for repeating myself lol 21:03
<dstanek> ccneill: well that's not cool. is there a bug already? 21:03
<ccneill> dstanek: I don't think so, I'll try to get more details for ya 21:04
<dstanek> ccneill: cool, thanks 21:06
<dstanek> i'm going to guess it's catalog or federation mapping since we operate on those strings a little 21:06
<ccneill> it was in a bunch of places actually.. let me see if I can find some good examples. our results output isn't great right now, so it's a lot to sift through unfortunately 21:07
<dstanek> ccneill: cool, if you paste it or create a bug with it, just mention my nick. taking off for a bit 21:12
<ccneill> sure thing 21:12
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding sub commands to Syntribos https://review.openstack.org/350325 21:15
*** edtubill has quit IRC 21:20
*** rcernin has quit IRC 21:27
*** aastha has quit IRC 21:27
*** elmiko is now known as _elmiko 21:55
*** mvaldes has quit IRC 21:57
<openstackgerrit> Merged openstack/syntribos: Overwriting config options from CLI https://review.openstack.org/353039 21:58
*** edmondsw has quit IRC 21:58
*** diazjf has quit IRC 22:03
*** mdong has quit IRC 22:23
*** sdake has quit IRC 22:27
*** sdake has joined #openstack-security 22:28
<openstackgerrit> Merged openstack/syntribos: Adding sub commands to Syntribos https://review.openstack.org/350325 22:38
*** singlethink has quit IRC 22:43
<openstackgerrit> Doug Chivers proposed openstack/security-doc: Added section on security review https://review.openstack.org/356153 22:43
*** dave-mccowan has quit IRC 22:48
*** hockeynut has quit IRC 22:55
*** jass93 has joined #openstack-security 22:58
<ccneill> dstanek: https://bugs.launchpad.net/keystone/+bug/1613901 23:31
<openstack> ccneill: Error: malone bug 1613901 not found 23:31
<ccneill> marked as a security defect, not sure if it's warranted but wanted to be on the safe side since I'm thinking it might be a bug in paste or some other framework rather than just a one-off thing 23:32
<dstanek> ccneill: great, thanks 23:43
<ccneill> np 23:43
<ccneill> let me know if there's any other info that would be helpful to add 23:43
<dstanek> ccneill: commented on the bug. it's super easy to reproduce. 23:57
<ccneill> I guess that's a good thing? haha 23:57
<dstanek> i'm not sure if it's a security issue as i can't see a way to attack it 23:58
<ccneill> yeah, if it's just a utf-8 parse bug it's probably not security-impacting unless it somehow crashes the server, which it doesn't appear to 23:59
