Bug 1312443 - restrict access to endpoints to localhost only
restrict access to endpoints to localhost only
Product: Red Hat Storage Console
Classification: Red Hat
Component: ceph-installer (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2
Assigned To: Andrew Schoen
Depends On:
  Show dependency treegraph
Reported: 2016-02-26 12:20 EST by Alfredo Deza
Modified: 2017-06-16 16:27 EDT (History)
11 users (show)

See Also:
Fixed In Version: ceph-installer-1.2.2-1.el7scon
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-03-14 11:50:28 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alfredo Deza 2016-02-26 12:20:28 EST
Description of problem: all endpoints are accessible to any host

Version-Release number of selected component (if applicable):

How reproducible: 100%

Steps to Reproduce:
1. request any endpoint from a non-local server

Actual results: HTTP API responds

Expected results: No responses except for /setup/*/ endpoints

Additional info:
Comment 3 Alfredo Deza 2016-03-03 17:13:35 EST
This will need a bit more clarification. Even if requests to the installer are narrowed down to only localhost, it means that *any* user in the machine will be able to interact with the installer API.

That would defeat a lot of the purpose of restricting the access to localhost only. It would be similar to allowing ceph-deploy to be used by any user on the system: it can be completely destructive to do so.

If the path to further restrict this translates to requiring a secret/token/pass of any kind for the API to be able to function then we will need to punt this to a later version.
Comment 9 Gregory Meno 2017-01-17 11:54:25 EST
Is this a requirement from product or security? Do we need to consider this?
Comment 22 Tejas 2017-02-20 05:43:45 EST
Verified this on build:
Comment 24 errata-xmlrpc 2017-03-14 11:50:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.