buzztroll
commented
13 years ago It should further be noted that a user can attempt to boot any file to which the nimbus user on the VMM has read access.
Open buzztroll opened 13 years ago
buzztroll
commented
13 years ago It should further be noted that a user can attempt to boot any file to which the nimbus user on the VMM has read access.
A side effect of adding copy propagation for cumulus urls is that it can also be used as a pass through propagation method. This is off by default, but when enabled it has bad security implications. The nimbus user will be copying the images, which means that any file in the cumulus archive could be copied for boot. We need to have a whitelist of directories and some documentation heavily warning users about the implications if they enable pass through cp propagation.