Bug #1115
closed
rgw allows users to "give away" s3 objects
Added by Colin McCabe almost 13 years ago.
Updated over 6 years ago.
Description
The Rados gateway should not allow the owner of an object to be changed through a PUTACL operation. Amazon doesn't allow this. Unfortunately, RGW currently does. This could create all sorts of trouble with billing-- like creating tons of files and giving them away to some sucker who will then have to pay the storage costs.
I added a test for this to s3-tests. To run it, use:
cd ~/src/s3-tests
S3TEST_CONF=~/s3examples/amazon.conf ./virtualenv/bin/nosetests 'test_s3:test_object_giveaway'
- Target version set to v0.29
- Translation missing: en.field_position set to 1
- Translation missing: en.field_position changed from 1 to 674
- Translation missing: en.field_story_points set to 1
- Translation missing: en.field_position deleted (
674)
- Translation missing: en.field_position set to 1
- Translation missing: en.field_position changed from 1 to 674
- Target version changed from v0.29 to v0.30
- Translation missing: en.field_position deleted (
675)
- Translation missing: en.field_position set to 4
- Translation missing: en.field_position deleted (
8)
- Translation missing: en.field_position set to 6
- Status changed from New to Resolved
Fixed, commit:859462298170520d53a167c1da214e378ae2e78a.
- Project changed from Ceph to rgw
- Category deleted (
22)
- Target version deleted (
v0.30)
Bulk reassign of radosgw category to RGW project.
Also available in: Atom
PDF