incubator-deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Clift <>
Subject Re: [PATCH] dmtf reference implementation initial checkin
Date Wed, 19 Oct 2011 21:55:37 GMT
On 29/09/2011, at 9:34 AM, David Lutterkort wrote:
Hi Tong,
> On Wed, 2011-09-28 at 11:33 -0700, wrote:
>> From: Tong Li <>
> first off, congrats, the patch applies now without any warnings. We are
> making progress ;)
> I have quite a few comments:

Just noticed something really old, but might still be important as it
sounds indicative of a security problem.

>      * ... The
>        mock driver stores its files in /var/tmp (how well does that
>        actually work under Windows ?)

Just to ask the question, does this mean we have an information leak
here, where "other users on a server" can potentially get details?

Also thinking "race condition", if more than one user is doing stuff
with mock at the same time.  (?) If such a race can occur, and affect
more than just mock, sounds like an easy DoS any time there's a self
service user interface.  (ie Aeolus)

Regards and best wishes,

Justin Clift

Aeolus Community Manager

View raw message