incubator-deltacloud-dev mailing list archives

From Justin Clift <jcl...@redhat.com>
Subject Re: [PATCH] dmtf reference implementation initial checkin
Date Wed, 19 Oct 2011 21:55:37 GMT

On 29/09/2011, at 9:34 AM, David Lutterkort wrote:
> Hi Tong,
> 
> On Wed, 2011-09-28 at 11:33 -0700, email4tong@gmail.com wrote:
>> From: Tong Li <litong01@us.ibm.com>
> 
> first off, congrats, the patch applies now without any warnings. We are
> making progress ;)
> 
> I have quite a few comments:

Just noticed something really old, but might still be important as it
sounds indicative of a security problem.

<snip>
>      * ... The
>        mock driver stores its files in /var/tmp (how well does that
>        actually work under Windows ?)

Just to ask the question, does this mean we have an information leak
here, where "other users on a server" can potentially get details?

Also thinking "race condition", if more than one user is doing stuff
with mock at the same time.  (?) If such a race can occur, and affect
more than just mock, sounds like an easy DoS any time there's a self
service user interface.  (ie Aeolus)

Regards and best wishes,

Justin Clift

--
Aeolus Community Manager
http://www.aeolusproject.org
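
The two concerns raised in the message above (state under a shared directory such as /var/tmp being readable by other local users, and concurrent users colliding on the same paths) are commonly handled with an owner-only directory plus exclusive file creation. The sketch below is an added example, not part of the original message and not Deltacloud code; the helper names, the `mock-store-<uid>` directory name and the `.yml` suffix are hypothetical.

```ruby
require 'tmpdir'

# Hypothetical helpers (not Deltacloud code) for state kept under a shared
# directory such as /var/tmp.
class UnsafeStorage < StandardError; end

# Return a directory under `base` that only the current user can access.
def private_storage_root(base, name = "mock-store-#{Process.euid}")
  path = File.join(base, name)
  begin
    Dir.mkdir(path, 0o700) # fails with EEXIST if anything is already there
  rescue Errno::EEXIST
    # Pre-existing entry: accept it only if the checks below pass.
  end
  st = File.lstat(path) # lstat so a planted symlink is not followed
  raise UnsafeStorage, "#{path} is not a real directory" unless st.directory?
  raise UnsafeStorage, "#{path} is owned by uid #{st.uid}" unless st.uid == Process.euid
  unless (st.mode & 0o077).zero?
    raise UnsafeStorage, format('%s is accessible to others (mode %o)', path, st.mode & 0o777)
  end
  path
end

# Create a new object file; a concurrent writer that picked the same id gets
# Errno::EEXIST instead of silently overwriting.
def write_new(root, id, data)
  raise ArgumentError, "bad id #{id.inspect}" unless id =~ /\A[A-Za-z0-9_-]+\z/
  file = File.join(root, "#{id}.yml")
  File.open(file, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
  file
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |base| # constructed stand-in for /var/tmp
    root = private_storage_root(base)
    puts write_new(root, 'inst1', "state: RUNNING\n")
  end
end
```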


