[one-users] users can see other VMs, security concern ?
Zeeshan Ali Shah
zashah at pdc.kth.se
Fri Feb 25 06:06:52 PST 2011
i think sunstone is not release yet ? how to get source of it .. it
only shows screenshot here.
http://blog.opennebula.org/?p=1344
On 02/25/2011 03:01 PM, Danny Sternkopf wrote:
> Yep, it is definately a major security risk.
> The sunstone WebGUI has a user limited view in contrast.
>
>
> On 2011-02-25 15:58, Zeeshan Ali Shah wrote:
>> wow, i think user can see each other VM , definately they cannot delete
>> them , but they can even look into other vms with onevm show..
>>
>> is it normal ? also user can see onehost list and onevnet show.
>>
>> which is bit issue as user can poke into infrastructure.
>>
>> with User i mean , normal user you create with oneuser create command
>>
>> do these concern a security risk ?
>>
>
--
Regards
Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology , Sweden
+46 8 790 9115
More information about the Users
mailing list