cloudstack-users mailing list archives

From Pranav Saxena <>
Subject RE: on templates size again (possibly security issue)
Date Mon, 18 Feb 2013 04:48:44 GMT
The fix suggested by Nitin at the API level is perfect. Though, if you want you can also have
a fix at the UI layer as well by not allowing the user to register a template. 

-----Original Message-----
From: Nitin Mehta [] 
Sent: Monday, February 18, 2013 10:09 AM
Subject: Re: on templates size again (possibly security issue)

Lucian - If that be the case please file a bug with your relevant logs in it. I am surprised
to see it though.

Easy way out to disable the user registering a template is to set max template limit to
0 in global config. But this will also stop him from creating a template from a snapshot.
Other way out is to set the permission bits for the register template API to
7 in the code, which will exactly fix this problem.

On 18/02/13 12:29 AM, "Nux!" <> wrote:

>This is related to our recent discussion on customising the ROOT 
>disk[1], being a bit unhappy about it I tried to test stuff and see how 
>this could inconvenience users or admins.
>So I created a 1 TB CentOS 6 qcow2 template (compressed is more like
>400 MB, but uncompressed is 10GB or so.. thanks ext4!) and tried to 
>deploy it. Not only has CloudStack (ACS 4.0.1) gladly downloaded and 
>uncompressed the template even though the remote URL was NOT in the 
>allowed list, but it also created an instance from it.. with 1 TB of 
>space ... all this was done as a regular user, not admin.
>First thing I would need to do is disable the users' ability to 
>register templates.. any pointers?
>[1] -
>Sent from the Delta quadrant using Borg technology!
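
An added example, not part of the original thread or of CloudStack's own code: a small audit of API permission masks showing why a mask of 7 on the register template API removes only regular users while leaving template creation from a snapshot untouched. The role-bit meanings (1 admin, 2 resource domain admin, 4 domain admin, 8 user) and the `name=mask` / `name=class;mask` line formats are assumptions based on CloudStack's commands.properties file; the sample lines and the class name are constructed.

```python
# Added example: audit CloudStack-style API permission masks.
# Assumption: role bits follow the commands.properties convention
# (1 = admin, 2 = resource domain admin, 4 = domain admin, 8 = user).
ROLE_BITS = {1: "admin", 2: "resource-domain-admin", 4: "domain-admin", 8: "user"}
USER_BIT = 8

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed sample of API permission entries
registerTemplate=com.example.RegisterTemplateCmd;15
createTemplate=15
listTemplates=15
registerIso=7
"""

def parse_masks(text):
    """Return {api_name: mask} from 'name=mask' or 'name=class;mask' lines."""
    masks = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        mask = value.rsplit(";", 1)[-1].strip()
        if not mask.isdigit():
            raise ValueError(f"no numeric mask for {name.strip()!r}: {raw!r}")
        masks[name.strip()] = int(mask)
    return masks

def roles_for(mask):
    """Decode a mask into the role labels it grants."""
    return [label for bit, label in sorted(ROLE_BITS.items()) if mask & bit]

def user_callable(masks, apis):
    """APIs from `apis` a regular user may call (a missing entry counts as denied)."""
    return sorted(a for a in apis if masks.get(a, 0) & USER_BIT)

if __name__ == "__main__":
    watched = ["registerTemplate", "registerIso", "createTemplate"]
    masks = parse_masks(SAMPLE)
    for api in watched:
        print(f"{api}={masks[api]} -> {roles_for(masks[api])}")
    print("user-callable now:", user_callable(masks, watched))
    # The change suggested in the thread: clear the user bit (15 -> 7).
    hardened = dict(masks, registerTemplate=7)
    print("user-callable after mask 7:", user_callable(hardened, watched))
```

Running the same check against a deployment's real permission file after the change confirms that the user bit is cleared on the register template API and nowhere else.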
