[one-users] users can see other VMs, security concern ?

Danny Sternkopf danny.sternkopf at csc.fi
Fri Feb 25 06:01:57 PST 2011


Yep, it is definately a major security risk.
The sunstone WebGUI has a user limited view in contrast.


On 2011-02-25 15:58, Zeeshan Ali Shah wrote:
> wow, i think user can see each other VM , definately they cannot delete
> them , but they can even look into  other vms with onevm show..
>
> is it normal ?   also user can see onehost list and onevnet show.
>
> which is bit issue as user can poke into infrastructure.
>
> with User i mean , normal user you create with oneuser create command
>
> do these concern a security risk ?
>

-- 
Danny Sternkopf, Systems Specialist, Computing Environments
P.O.Box 405, 02101 Espoo, Finland
tel +358 9 457 2003, fax +358 9 457 2302
Mobile +358 50 381 8569, e-mail danny.sternkopf at csc.fi
CSC - IT center for science, http://www.csc.fi


More information about the Users mailing list