A side effect of adding copy propagation for cumulus urls is that it can also be used as a pass through propagation method. This is off by default, but when enabled it has bad security implications. The nimbus user will be copying the images, which means that any file in the cumulus archive could be copied for boot. We need to have a whitelist of directories and some documentation heavily warning users about the implications if they enable pass through cp propagation.
A side effect of adding copy propagation for cumulus urls is that it can also be used as a pass through propagation method. This is off by default, but when enabled it has bad security implications. The nimbus user will be copying the images, which means that any file in the cumulus archive could be copied for boot. We need to have a whitelist of directories and some documentation heavily warning users about the implications if they enable pass through cp propagation.