cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-5152) Basic Zone - Security group belonging to a project can be used to deploy VM outside the project (in same account, and also in different account)
Date Wed, 04 Dec 2013 20:04:35 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839288#comment-13839288
] 

ASF subversion and git services commented on CLOUDSTACK-5152:
-------------------------------------------------------------

Commit f1973340d30042ae39c7465adfbc5a9537b3e3fa in branch refs/heads/master from [~alena1108]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f197334 ]

CLOUDSTACK-5152: when deployVm with SG, verify that vm and sg belong to the same account.
Do this verification even when the call is done by the ROOT admin

Conflicts:
	server/src/com/cloud/user/AccountManagerImpl.java


> Basic Zone - Security group belonging to a project can be used to deploy VM outside the
project (in same account, and also in different account)
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5152
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5152
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.3.0
>            Reporter: Gaurav Aradhye
>            Assignee: Alena Prokharchyk
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> In basic zone,
> Create an account and a project in that account.
> Create a security group which belongs to this project.
> Try to deploy VM using this security group outside the project.
> Creation of VM is successful and if you list the virtual machines, in response it will
show the security group in the sec groups list and it will show the account of security group
as the account in which you have deployed the instance (instead it should list the project
to which security group belongs)
> This is an issue, security group belonging to a project should not be allowed to be used
outside the project.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message