incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nux (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-1327) Cloudstack allows users to import huge templates from unauthorised URLs
Date Tue, 19 Feb 2013 17:37:12 GMT
Nux created CLOUDSTACK-1327:
-------------------------------

             Summary: Cloudstack allows users to import huge templates from unauthorised URLs
                 Key: CLOUDSTACK-1327
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1327
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server, Template
    Affects Versions: 4.0.1
         Environment: Centos 6 x86_64 kvm hypervisors
            Reporter: Nux
            Priority: Critical


Because Cloudstack deploys instances as r/w snapshots of the template, importing a template
with, say 1 TB diskspace will give you 1 TB instances... this will lead to service abuse.

Currently Cloudstack allows regular users to install templates from not allowed URLs.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message