[one-users] users can see other VMs, security concern ?
Danny Sternkopf
danny.sternkopf at csc.fi
Fri Feb 25 06:08:54 PST 2011
Not official, but it is has been added to the trunk since a couple of days.
On 2011-02-25 16:06, Zeeshan Ali Shah wrote:
> i think sunstone is not release yet ? how to get source of it .. it
> only shows screenshot here.
>
> http://blog.opennebula.org/?p=1344
> On 02/25/2011 03:01 PM, Danny Sternkopf wrote:
>> Yep, it is definately a major security risk.
>> The sunstone WebGUI has a user limited view in contrast.
>>
>>
>> On 2011-02-25 15:58, Zeeshan Ali Shah wrote:
>>> wow, i think user can see each other VM , definately they cannot delete
>>> them , but they can even look into other vms with onevm show..
>>>
>>> is it normal ? also user can see onehost list and onevnet show.
>>>
>>> which is bit issue as user can poke into infrastructure.
>>>
>>> with User i mean , normal user you create with oneuser create command
>>>
>>> do these concern a security risk ?
>>>
>>
>
>
More information about the Users
mailing list