cloudstack-users mailing list archives

From Nitin Mehta <Nitin.Me...@citrix.com>
Subject Re: on templates size again (possibly security issue)
Date Mon, 18 Feb 2013 04:39:23 GMT
Lucian - If that be the case, please file a bug with your relevant logs in
it. I am surprised to see it though.

An easy way out to disable the user registering a template is to set the max
template limit to 0 in global config. But this will also prevent him from
creating a template from a snapshot.
The other way out is to set the permission bits for the register template API
to 7 in the code, which will exactly fix this problem.

On 18/02/13 12:29 AM, "Nux!" <nux@li.nux.ro> wrote:

>Hello,
>
>This is related to our recent discussion on customising the ROOT
>disk[1], being a bit unhappy about it I tried to test stuff and see how
>this could inconvenience users or admins.
>
>So I created a 1 TB CentOS 6 qcow2 template (compressed is more like
>400 MB, but uncompressed is 10GB or so.. thanks ext4!) and tried to
>deploy it. Not only has CloudStack (ACS 4.0.1) gladly downloaded and
>uncompressed the template even though the remote URL was NOT in the
>allowed list, but it also created an instance from it.. with 1 TB of
>space ... all this was done as a regular user, not admin.
>
>First thing I would need to do is disable the users' ability to
>register templates.. any pointers?
>
>
>Lucian
>
>
>[1] - 
>http://markmail.org/message/s2mp5b2x5pzjt634?q=list:org%2Eapache%2Eincubator%2Ecloudstack-users+ROOT
>
>
>-- 
>Sent from the Delta quadrant using Borg technology!
>
>Nux!
>www.nux.ro
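
Added example (not part of the original thread and not CloudStack project code): a small audit of API permission masks that shows why a value of 7 removes regular users from the register template API while leaving template creation from snapshots alone. The `name=class;mask` line format, the role bit values (1, 2, 4, 8) and the API names are assumptions about how ACS 4.0 lays out its API permission file; the class names and sample lines are constructed.

```python
# Assumed role bits for the API permission mask (not stated in the thread).
ROLE_BITS = {1: "root-admin", 2: "resource-domain-admin", 4: "domain-admin", 8: "user"}
USER_BIT = 8

# Constructed sample input; class names are placeholders.
SAMPLE = """\
# template APIs
registerTemplate=com.example.api.RegisterTemplateCmd;15
createTemplate=com.example.api.CreateTemplateCmd;15
updateConfiguration=com.example.api.UpdateCfgCmd;1
malformedEntry=no.mask.here
"""

def parse_permissions(text):
    """Return ({api_name: mask}, [unparseable lines])."""
    perms, errors = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition("=")
        _cls, semi, mask = rest.rpartition(";")
        if not sep or not semi or not mask.strip().isdigit():
            errors.append(line)  # never guess a mask; report it instead
            continue
        perms[name.strip()] = int(mask)
    return perms, errors

def roles_for(mask):
    """Names of the roles allowed by a mask, lowest bit first."""
    return [name for bit, name in sorted(ROLE_BITS.items()) if mask & bit]

def without_user(mask):
    """Clear only the regular-user bit, keeping every admin role."""
    return mask & ~USER_BIT

def audit(text, restricted=("registerTemplate",)):
    """APIs from `restricted` that a regular user can still call."""
    perms, _ = parse_permissions(text)
    return [api for api in restricted if perms.get(api, 0) & USER_BIT]

if __name__ == "__main__":
    perms, errors = parse_permissions(SAMPLE)
    for api in audit(SAMPLE):
        fixed = without_user(perms[api])
        print(f"{api}: {perms[api]} {roles_for(perms[api])} -> {fixed} {roles_for(fixed)}")
    print("unparseable:", errors)
```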

