cloudstack-dev mailing list archives

From nnesic <>
Subject [GitHub] cloudstack pull request: Fixed user_vm_view to only display keypai...
Date Thu, 29 Oct 2015 13:11:10 GMT
GitHub user nnesic opened a pull request:

    Fixed user_vm_view to only display keypairs belonging to the account.

    The user_vm_view displays the keypair information by joining vm_details with ssh_keypairs on the key value exclusively.
    We found a scenario in which this can cause information leakage. If there are two accounts using the same key, but create a different key name for it, and then a vm is created using one of the keys, the view will list both keypairs as belonging to the vm, which can in turn cause confusion to the users who see a keypair name which they did not create.
    The fix simply limits the view to displaying keypairs which belong to the vm's account.
    I added it to the latest schema migration only; should I also include it in the previous

You can merge this pull request into a Git repository by running:

    $ git pull user_vm_keypairs_fix

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1006

commit aae47af5c1798dd480144bc38425251307838a62
Author: nnesic <>
Date:   2015-10-29T12:18:17Z

    Fixed user_vm_view to only display keypairs belonging to the account.


If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.
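
The join behaviour described in the pull request, reproduced as an added example that is not part of the original message or the CloudStack code base. It uses SQLite and a simplified, constructed schema: the names vm_details, ssh_keypairs and user_vm_view come from the message, while the vm table, all column names, the detail name and the sample rows are assumptions.

```python
import sqlite3

# Constructed, simplified schema (assumption, not the CloudStack schema).
SCHEMA = """
CREATE TABLE vm (id INTEGER PRIMARY KEY, name TEXT, account_id INTEGER);
CREATE TABLE vm_details (vm_id INTEGER, name TEXT, value TEXT);
CREATE TABLE ssh_keypairs (account_id INTEGER, keypair_name TEXT, public_key TEXT);

-- Before: keypairs are matched on the key value only.
CREATE VIEW user_vm_view_before AS
SELECT vm.name AS vm_name, vm.account_id, kp.keypair_name
FROM vm
LEFT JOIN vm_details d ON d.vm_id = vm.id AND d.name = 'ssh_public_key'
LEFT JOIN ssh_keypairs kp ON kp.public_key = d.value;

-- After: the keypair must also belong to the vm's account.
CREATE VIEW user_vm_view_after AS
SELECT vm.name AS vm_name, vm.account_id, kp.keypair_name
FROM vm
LEFT JOIN vm_details d ON d.vm_id = vm.id AND d.name = 'ssh_public_key'
LEFT JOIN ssh_keypairs kp ON kp.public_key = d.value
                         AND kp.account_id = vm.account_id;
"""
VIEWS = ("user_vm_view_before", "user_vm_view_after")
KEY = "ssh-rsa AAAA-constructed-sample"  # one public key, registered by two accounts


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO ssh_keypairs VALUES (?, ?, ?)",
                   [(1, "alice-laptop", KEY), (2, "bob-workstation", KEY)])
    db.execute("INSERT INTO vm VALUES (10, 'vm-a', 1)")  # vm owned by account 1
    db.execute("INSERT INTO vm_details VALUES (10, 'ssh_public_key', ?)", (KEY,))
    return db


def keypair_names(db, view, vm_name):
    if view not in VIEWS:  # view name is interpolated, so restrict it to the two above
        raise ValueError(view)
    rows = db.execute(f"SELECT keypair_name FROM {view} WHERE vm_name = ? "
                      "ORDER BY keypair_name", (vm_name,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print("before:", keypair_names(db, "user_vm_view_before", "vm-a"))
    print("after: ", keypair_names(db, "user_vm_view_after", "vm-a"))
```

With the value-only join, the vm owned by account 1 is listed with account 2's keypair name as well; adding the account condition to the join leaves only the owner's keypair.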
