cloudstack-users mailing list archives

From Nux! <...@li.nux.ro>
Subject on templates size again (possibly security issue)
Date Sun, 17 Feb 2013 18:59:42 GMT
Hello,

This is related to our recent discussion on customising the ROOT 
disk[1]. Being a bit unhappy about it, I tried to test stuff and see how 
this could inconvenience users or admins.

So I created a 1 TB CentOS 6 qcow2 template (compressed is more like 
400 MB, but uncompressed is 10 GB or so... thanks ext4!) and tried to 
deploy it. Not only has CloudStack (ACS 4.0.1) gladly downloaded and 
uncompressed the template even though the remote URL was NOT in the 
allowed list, but it also created an instance from it... with 1 TB of 
space... all this was done as a regular user, not admin.

First thing I would need to do is disable the users' ability to 
register templates.. any pointers?


Lucian


[1] - http://markmail.org/message/s2mp5b2x5pzjt634?q=list:org%2Eapache%2Eincubator%2Ecloudstack-users+ROOT


-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
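
The two checks the message above found missing (source URL against an allow list, and the disk size the image will claim once deployed), as an added example that is not part of the original message and is not CloudStack code. The allowed host, the 100 GiB cap and the function names are assumptions; the header bytes are assumed to be the first 32 bytes of the already decompressed qcow2 image.

```python
import struct
from urllib.parse import urlparse

QCOW2_MAGIC = b"QFI\xfb"
MAX_VIRTUAL_BYTES = 100 * 1024**3            # assumed policy cap: 100 GiB
ALLOWED_HOSTS = {"templates.example.org"}    # assumed allow list

def qcow2_virtual_size(header: bytes) -> int:
    """Return the guest-visible disk size stored in a qcow2 header.

    The size is a big-endian u64 at byte offset 24, so a small sparse
    file can still declare a very large disk."""
    if len(header) < 32 or header[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    (version,) = struct.unpack_from(">I", header, 4)
    if version not in (2, 3):
        raise ValueError(f"unsupported qcow2 version {version}")
    (size,) = struct.unpack_from(">Q", header, 24)
    return size

def check_template(url: str, header: bytes) -> list:
    """Return policy violations for a template; an empty list means accept."""
    problems = []
    host = urlparse(url).hostname
    if host not in ALLOWED_HOSTS:
        problems.append(f"host {host!r} is not in the allow list")
    try:
        size = qcow2_virtual_size(header)
    except ValueError as exc:
        problems.append(str(exc))
        return problems
    if size > MAX_VIRTUAL_BYTES:
        problems.append(f"virtual size {size} exceeds cap {MAX_VIRTUAL_BYTES}")
    return problems

def make_header(virtual_size: int) -> bytes:
    """Constructed sample: a minimal 32-byte qcow2 v2 header prefix."""
    # magic, version, backing_file_offset, backing_file_size, cluster_bits, size
    return struct.pack(">4sIQIIQ", QCOW2_MAGIC, 2, 0, 0, 16, virtual_size)

if __name__ == "__main__":
    # Constructed inputs: a 10 GiB image from the allowed host, and a
    # 1 TiB image from a host outside the allow list.
    print(check_template("http://templates.example.org/c6.qcow2", make_header(10 * 1024**3)))
    print(check_template("http://other.example.net/big.qcow2", make_header(1024**4)))
```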
