Horizon doesn't provide ACL on Instance level
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Dashboard (Horizon) | New | Undecided | Unassigned | |
Bug Description
Hi,
we use Horizon in our company with 2k+ employees and I was assigned to a common Project, where many of my colleagues have legitimate access. However, I'm running a "private" instance, which contains sensitive data, such as LDAP login, issue tracking / GitLab tokens etc.
The problem is that I want to be able to use the Console tab upon my instance when necessary, but that means everyone else in the same project has access to the Console of my "private" instance. Which means they can e.g.:
- reboot the instance
- edit grub entry (add `init=/bin/bash` to the `linux` command)
- become limitless
- even if I encrypt the disk first, they could edit the image I run so that I use grub with a keylogger from a modified Stage1, hence they force me to type the decryption password once it reboots
- essentially no matter what I do, I cannot prevent anyone from getting "physical" access to my "private" instance
This could be solved by creating an Access Control List implementation so that the instance creator could choose who would have access to the instance from the GUI.
I hope it makes sense.
All best,
Jiří
This seems to be a security-related feature request rather than a vulnerability report, so I'm switching it to a regular public bug type and adding the security tag instead.