Bug 1025184 - People can extend other's job watchdog time.
Summary: People can extend other's job watchdog time.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Beaker
Classification: Retired
Component: command line
Version: develop
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
Assignee: beaker-dev-list
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-31 08:05 UTC by xjia
Modified: 2020-10-21 14:19 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-10-21 14:15:14 UTC
Embargoed:


Attachments (Terms of Use)

Description xjia 2013-10-31 08:05:12 UTC
Description of problem:
userA and userB are normal user.
UserA submit a job, and userB could extend this task watchdog time.

Version-Release number of selected component (if applicable):
0.14.2

How reproducible:
100%

Steps to Reproduce:
1.userA submit a job. 
2.userB use command "bkr watchdog-show 106613" 
3.userB use command "bkr watchdog-extend 106613 --by 1000"
4.userB use command "bkr watchdog-show 106613" 


Actual results:
The watchdog time is modified. 

Expected results:
Have no permission to operate it.

Additional info:

Comment 2 Dan Callaghan 2013-11-11 06:50:15 UTC
Note that this existing behaviour is because we do not have any way to authenticate calls which come from test systems (and extending the watchdog is one of those calls). See bug 843687 for that.


Note You need to log in before you can comment on or make changes to this bug.