Bug 1025184 - People can extend other's job watchdog time.
People can extend other's job watchdog time.
Status: NEW
Product: Beaker
Classification: Community
Component: command line (Show other bugs)
develop
Unspecified Unspecified
low Severity low (vote)
: ---
: ---
Assigned To: beaker-dev-list
tools-bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-31 04:05 EDT by xjia
Modified: 2016-05-26 09:11 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description xjia 2013-10-31 04:05:12 EDT
Description of problem:
userA and userB are normal user.
UserA submit a job, and userB could extend this task watchdog time.

Version-Release number of selected component (if applicable):
0.14.2

How reproducible:
100%

Steps to Reproduce:
1.userA submit a job. 
2.userB use command "bkr watchdog-show 106613" 
3.userB use command "bkr watchdog-extend 106613 --by 1000"
4.userB use command "bkr watchdog-show 106613" 


Actual results:
The watchdog time is modified. 

Expected results:
Have no permission to operate it.

Additional info:
Comment 2 Dan Callaghan 2013-11-11 01:50:15 EST
Note that this existing behaviour is because we do not have any way to authenticate calls which come from test systems (and extending the watchdog is one of those calls). See bug 843687 for that.

Note You need to log in before you can comment on or make changes to this bug.