Red Hat Bugzilla – Bug 1025184
People can extend other's job watchdog time.
Last modified: 2018-02-05 19:41:31 EST
Description of problem:
userA and userB are normal user.
UserA submit a job, and userB could extend this task watchdog time.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.userA submit a job.
2.userB use command "bkr watchdog-show 106613"
3.userB use command "bkr watchdog-extend 106613 --by 1000"
4.userB use command "bkr watchdog-show 106613"
The watchdog time is modified.
Have no permission to operate it.
Note that this existing behaviour is because we do not have any way to authenticate calls which come from test systems (and extending the watchdog is one of those calls). See bug 843687 for that.