cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Mehta <>
Subject Re: on templates size again (possibly security issue)
Date Mon, 18 Feb 2013 04:39:23 GMT
Lucian - If that be the case please file a bug with your relevant logs in
it. I am surprised see it though.

Easy way out is to disable the user registering a template is to set max
template limit to 0 in global config. But this will also disable him to
create template from snapshot.
Other way out is to set the permissions bits for register template api to
7 in the code which will exactly fix this problem.

On 18/02/13 12:29 AM, "Nux!" <> wrote:

>This is related to our recent discussion on customising the ROOT
>disk[1], being a bit unhappy about it I tried to test stuff and see how
>this could inconvenience users or admins.
>So I created a 1 TB Centos 6 qcow2 template (compressed is more like
>400 MB, but uncompressed is 10GB or so.. thanks ext4!) and tried to
>deploy it. Not only has Cloudstack (ACS 4.0.1) gladly downloaded and
>uncompressed the template even though the remote URL was NOT in the
>allowed list, but it also created an instance from it.. with 1 TB of
>space ... all this was done as a regular user, not admin.
>First thing I would need to do is disable the users' ability to
>register templates.. any pointers?
>[1] - 
>Sent from the Delta quadrant using Borg technology!

View raw message