Comment 19 for bug 1524274

Matthew Booth (mbooth-9) wrote : Re: Unprivileged api user can access host data using instance snapshot

So the live snapshot thing is definitely a bug. However, it *doesn't* result in leaking data from the host. I'm not 100% sure why, but the resulting file is still a qcow2 with a backing file. As we don't have this backing file, there's no data leak.

As I don't understand why it's not broken, I'd still be inclined to fix it, tbh. It's definitely not safe.
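Editor's added example, not part of the comment above and not Nova code: a check of whether a qcow2 file declares a backing file, read from the fixed header fields defined in the QEMU qcow2 specification. The function names and the sample bytes are constructed for illustration; the sample is a header-only stub, not a full image.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Fixed start of every qcow2 header (big-endian):
# magic, version, backing_file_offset, backing_file_size
HEADER = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # upper bound on the name length per the qcow2 spec


def qcow2_backing_file(data: bytes):
    """Return the backing file name a qcow2 header declares, or None.

    Raises ValueError if the bytes are not qcow2 or the header is inconsistent.
    """
    if len(data) < HEADER.size:
        raise ValueError("too short for a qcow2 header")
    magic, version, offset, size = HEADER.unpack_from(data)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version < 2:
        raise ValueError("unsupported qcow2 version %d" % version)
    if offset == 0:
        return None  # offset 0 means the image has no backing file
    if size > MAX_BACKING_NAME or offset + size > len(data):
        raise ValueError("backing file name lies outside the supplied data")
    # The name is stored without a terminating NUL.
    return data[offset:offset + size].decode("utf-8", errors="replace")


def is_standalone(data: bytes) -> bool:
    """True if the image carries all of its own data (no backing file)."""
    return qcow2_backing_file(data) is None


def build_sample(backing: bytes = b"") -> bytes:
    """Constructed header stub for the demonstration (version 3, 512 bytes)."""
    offset = 104 if backing else 0  # 104 is the minimum v3 header length
    head = HEADER.pack(QCOW2_MAGIC, 3, offset, len(backing)).ljust(104, b"\0")
    return (head + backing).ljust(512, b"\0")


if __name__ == "__main__":
    for label, blob in [("flat", build_sample()),
                        ("overlay", build_sample(b"/constructed/base.img"))]:
        print(label, "->", qcow2_backing_file(blob))
```

On a real file, passing the first cluster of the image (for example the first 64 KiB) is enough, since the specification requires the backing file name to sit within it.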