keypair information leak
Bug #1050347 reported by
Pedro Perez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Thierry Carrez |
Bug Description
keypairs generated by nova include the user and the name of the controller node that generated them in the comment field of the public key.
That info can be seen in any VM in the file /root/.
Fixing this is trivial, it is only a matter of adding the "-C", keyfile parameters to utils.execute in generate_key_pair (nova/crypto.py)
Changed in nova: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: security |
Changed in nova: | |
milestone: | none → folsom-rc1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | folsom-rc1 → 2012.2 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/12938
Review: https:/