Bug 1025184

Summary: People can extend other's job watchdog time.
Product: [Retired] Beaker Reporter: xjia <xjia>
Component: command lineAssignee: beaker-dev-list
Status: CLOSED WONTFIX QA Contact: tools-bugs <tools-bugs>
Severity: low Docs Contact:
Priority: low    
Version: developCC: qwan, tools-bugs, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-21 14:15:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description xjia 2013-10-31 08:05:12 UTC 
Description of problem:
userA and userB are normal user.
UserA submit a job, and userB could extend this task watchdog time.

Version-Release number of selected component (if applicable):
0.14.2

How reproducible:
100%

Steps to Reproduce:
1.userA submit a job. 
2.userB use command "bkr watchdog-show 106613" 
3.userB use command "bkr watchdog-extend 106613 --by 1000"
4.userB use command "bkr watchdog-show 106613" 


Actual results:
The watchdog time is modified. 

Expected results:
Have no permission to operate it.

Additional info:
Comment 2 Dan Callaghan 2013-11-11 06:50:15 UTC 
Note that this existing behaviour is because we do not have any way to authenticate calls which come from test systems (and extending the watchdog is one of those calls). See bug 843687 for that.