Tuesday, 2016-08-23

<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding a script to generate README.rst from docs https://review.openstack.org/358818 [04:50]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Adding a script to generate README.rst from docs https://review.openstack.org/358818 [05:06]
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/359201 [13:36]
<openstackgerrit> Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/359201 [14:05]
<openstackgerrit> Andreas Jaeger proposed openstack/security-doc: Update to openstack-doc-tools 1.0 https://review.openstack.org/359253 [14:55]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Standardizing the way we diff signals https://review.openstack.org/349403 [15:24]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Standardizing the way we diff signals https://review.openstack.org/349403 [16:07]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Standardizing the way we diff signals https://review.openstack.org/349403 [17:07]
<openstackgerrit> Vinay Potluri proposed openstack/security-doc: Updated OSSN-0069 https://review.openstack.org/356712 [17:16]
<openstackgerrit> Vinay Potluri proposed openstack/security-doc: Updated OSSN-0069 https://review.openstack.org/356712 [19:04]
<openstackgerrit> Khanak Nangia proposed openstack/security-doc: Updated OSSN-0073 Added information about Horizon dashboard leaks https://review.openstack.org/357328 [20:08]
<openstackgerrit> Merged openstack/security-doc: fix checklist summary https://review.openstack.org/345300 [20:33]
<ccneill> aw, gerrit throws a 500 if you use emoji in comments lol :( [20:41]
<unrahul> :D [20:50]
<unrahul> I thought they always did `through` testing before it was deployed :D [20:51]
<vinaypotluri> ^thorough [20:56]
<knangia> *thorough [20:56]
<unrahul> >< [20:56]
<mdong> actually yeah, does that mean gerrit can’t handle unicode? [20:57]
<vinaypotluri> (><) [20:57]
<unrahul> that is kinda exciting .. :D [20:57]
<ccneill> I'm sure we'd find some interesting stuff if we added gerrit to our list of projects to test lol [21:02]
<unrahul> hehe.. yeah! like that time when whatsapp used to crash if some weird utf8 chars r entered [21:05]
<ccneill> so oslo-config-generator is pretty cool.. but it makes our example config huge [21:08]
<unrahul> that was one of the problems and still is for all core projects [21:09]
<unrahul> the config given in the example is auto generated and a new person.. will not have much clue on what to do [21:09]
<ccneill> yeah.. [21:10]
<ccneill> :/ [21:10]
<ccneill> --minimal is a little better [21:11]
<ccneill> but it leaves off all the keystone stuff [21:11]
<ccneill> would be cool if you could turn off the 3-line "From syntribos.config" comment too [21:13]
<ccneill> also, since we don't load the options for the auth test in syntribos.config, they don't show up.. wonder how we could best add those to the function called in entry_points, or if we should have a separate namespace for them or something [21:14]
<unrahul> hey did any of you guys already do the sanitize secrets thing..? [21:19]
<unrahul> in debug log? [21:19]
<unrahul> ccneill: mdong ? [21:21]
<ccneill> I think mdong was taking the debug log action items [21:22]
<ccneill> but he already has a few on his plate, so maybe you can tackle that one [21:22]
<unrahul> i was working on it.. [21:23]
<unrahul> just making sure no one is doing it.. [21:23]
<unrahul> :D [21:23]
<ccneill> yeah I think you're good to take it unless mdong chimes in [21:27]
<ccneill> add your name to the Trello item so everyone knows what's taken and what's not [21:27]
<unrahul> so ccneill is it like we have to sanitize any 'password'/'token' etc coming in the log..? [21:31]
<unrahul> or only the config..? [21:31]
<unrahul> because I think config is already done.. [21:31]
<ccneill> right, config options you can just mark "secret" [21:31]
<ccneill> I meant X-Auth-Token headers mostly [21:31]
<ccneill> maybe "password" too.. [21:32]
<ccneill> it should probably be configurable in the logging settings whether you want to sanitize or not [21:32]
<unrahul> so what if we are fuzzing it.. and the password and tokens..? [21:32]
<ccneill> yeah, I'm not sure if we should be filtering the actual data we send, only the information in the auth requests really [21:32]
<ccneill> like the password in the token request [21:32]
<ccneill> hmm.. not sure how we could easily select that one thing to filter though [21:33]
<unrahul> what i did was searching for a secret whitelist like password/token/secretkey and all that and sanitizing it.. [21:33]
<unrahul> but then I realized that we might need that info when fuzzing [21:33]
<ccneill> right [21:33]
<unrahul> if a `unicode` password breaks the damn thing.. [21:33]
<ccneill> haha yeah [21:33]
<unrahul> hehe.. [21:34]
<unrahul> so.. how do u think the approach should be.. :/ [21:34]
<ccneill> we could have a property on RequestObject like "filter_secrets" or something [21:34]
<ccneill> and modify the logging behavior based on that [21:34]
<unrahul> or in config..? filter_secrets? [21:35]
<unrahul> in logging section..? [21:35]
<unrahul> because we would need to sanitize, if syntribos has to be used in gate jobs.. , otherwise.. all hell would break loose [21:35]
<ccneill> I think we want a property on the RequestObjects to determine which requests to filter and which not to, and a config option in syntribos.config to toggle whether you want that filtering to do anything or not [21:35]
<mdong> sorry, just saw this, yeah, I wasn’t working on that one [21:36]
<ccneill> so we would add that property to all the keystone requests that we do to get tokens or do anything sensitive [21:36]
<ccneill> but fuzz requests wouldn't be filtered at all [21:36]
<ccneill> since it's assumed that you're not going to put your actual passwords into the templates... [21:36]
<ccneill> if you do, well.. we can't really save you from all the ways you can shoot yourself in the foot :/ [21:36]
<ccneill> but if people write other extensions that they don't want to log secrets from, they can just toggle the "filter_secrets" property of the RequestObject too [21:37]
<ccneill> make sense unrahul ? [21:38]
<ccneill> might have to modify the way the identity extension works a little bit, but shouldn't be too much [21:38]
<unrahul> yup that makes sense ccneill ; gonna poke around it .. [21:38]
<ccneill> just default it to False so you don't have to modify the calls in other places [21:38]
<ccneill> cool cool [21:39]
<unrahul> yup.. [21:39]
<unrahul> i have a feeling someone out there.. will put the creds in a template.. [21:39]
<unrahul> alryt ccneill thanks! [21:40]
<ccneill> (;¬_¬) [21:40]
<unrahul> +1 mdong [21:40]
<unrahul> hehe [21:40]
<ccneill> of course lol [21:40]
<ccneill> we should probably add a line to the template creation documentation telling you not to do that [21:40]
<unrahul> hehe.. when has a warning stopped anyone :D [21:41]
<unrahul> hehe.. but yeah we should.. [21:41]
<ccneill> hmmm... actually that brings up an interesting conundrum for my template generation script too.. it might dump actual creds into the templates it generates :X [21:41]
<ccneill> at least when using it for keystone.. [21:41]
<unrahul> :D.. whoa [21:41]
<ccneill> sigh [21:41]
<ccneill> guess I can just filter it out manually lol [21:41]
<unrahul> :| .. i don't think that would be wise.. [21:43]
<ccneill> yeah, probably best to filter out as many secrets as possible and replace them with dummy values [21:47]
<ccneill> I'm already doing that with the X-Auth-Token header [21:47]
<openstackgerrit> Merged openstack/security-doc: Update to openstack-doc-tools 1.0 https://review.openstack.org/359253 [22:12]
<openstackgerrit> OpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements https://review.openstack.org/314347 [22:15]
<openstackgerrit> Michael Dong proposed openstack/syntribos: fixed results error and failure counting https://review.openstack.org/359463 [22:18]
<openstackgerrit> Michael Dong proposed openstack/syntribos: fixed results error and failure counting https://review.openstack.org/359463 [22:18]
<openstackgerrit> Michael Dong proposed openstack/syntribos: Added config file improvements https://review.openstack.org/358856 [22:24]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Fixed a trivial bug in keyboard interrupt part https://review.openstack.org/359472 [23:10]
