[one-users] users can see other VMs, security concern ?

Zeeshan Ali Shah zashah at pdc.kth.se
Fri Feb 25 06:06:52 PST 2011


i think sunstone  is not release yet  ?  how to get source of it .. it 
only shows screenshot here.

http://blog.opennebula.org/?p=1344
On 02/25/2011 03:01 PM, Danny Sternkopf wrote:
> Yep, it is definately a major security risk.
> The sunstone WebGUI has a user limited view in contrast.
>
>
> On 2011-02-25 15:58, Zeeshan Ali Shah wrote:
>> wow, i think user can see each other VM , definately they cannot delete
>> them , but they can even look into  other vms with onevm show..
>>
>> is it normal ?   also user can see onehost list and onevnet show.
>>
>> which is bit issue as user can poke into infrastructure.
>>
>> with User i mean , normal user you create with oneuser create command
>>
>> do these concern a security risk ?
>>
>


-- 
Regards

Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology , Sweden
+46 8 790 9115




More information about the Users mailing list