> Has this code been security audited at all? It seems to me that
the
> billing portion of OpenStack will likely be a high priority target
> for attackers (and naughty users/etc.).
The security story for Ceilometer definitely needs to be hardened ...
- the usage-related notifications emitted by the openstack services
(nova, glance, cinder ... etc.) are implicitly trusted, i.e. auth
doesn't go beyond the user/password-style mechanisms implemented
by the AMQP provider
I should have qualified that statement with the obvious observation
that if the AMQP infrastructure is compromised in openstack, then
all sorts of badness will ensue, not limited to the metering side
(as the compute, volumes and networking fabric all rely heavily
on RPC over AMQP).
Cheers,
Eoghan
- metering messages between ceilometer agents are signed using
a secret stored in plain text in the config file
- the ceilometer API service is not integrated with keystone as yet
so does not do token validation or role-based policy verification
The ceilometer team intends to make progress on the auth story in
the Grizzly timeframe.
Cheers,
Eoghan
_______________________________________________
cloud mailing list
cloud(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/cloud