Comment 23 for bug 1593799
Revision history for this message
| Nikhil Komawar (nikhil-komawar) wrote | #23 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Thanks the note looks mostly clean.
A few things to note:
* Affected Services will include Newton as we haven't removed the purge utility yet and don't plan on removing in Newton.
* Attack scenario is not very clear, not sure if that's intended. If you would like -- some more inline suggestions:
- Alice creates a VM that boots from image ID X "shared with her by trusted individual Bob"
- Bob (image X's owner) deletes the image "and as per design no notification is sent to Alice"
- Mallory creates a new image and specifies that the ID should be X "and shares it with Alice, again Alice is not aware of this update."
- Alice boots her VM without realizing that the image has changed
* Another possible scenario involves Mallory having the ability to publicize the image in which case sharing isn't required in the above case.
As a courtesy, please make sure to give 24 hours to the glance-core-sec team as people are in different parts of the world before publishing note.