[one-users] users can see other VMs, security concern ?

Zeeshan Ali Shah zashah at pdc.kth.se
Fri Feb 25 06:06:52 PST 2011

i think sunstone  is not release yet  ?  how to get source of it .. it 
only shows screenshot here.

On 02/25/2011 03:01 PM, Danny Sternkopf wrote:
> Yep, it is definately a major security risk.
> The sunstone WebGUI has a user limited view in contrast.
> On 2011-02-25 15:58, Zeeshan Ali Shah wrote:
>> wow, i think user can see each other VM , definately they cannot delete
>> them , but they can even look into  other vms with onevm show..
>> is it normal ?   also user can see onehost list and onevnet show.
>> which is bit issue as user can poke into infrastructure.
>> with User i mean , normal user you create with oneuser create command
>> do these concern a security risk ?


Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology , Sweden
+46 8 790 9115

More information about the Users mailing list