Thanks, the note looks mostly clean.
A few things to note:
* Affected Services will include Newton as we haven't removed the purge utility yet and don't plan on removing in Newton.
* Attack scenario is not very clear, not sure if that's intended. If you would like -- some more inline suggestions:
- Alice creates a VM that boots from image ID X "shared with her by trusted individual Bob"
- Bob (image X's owner) deletes the image "and as per design no notification is sent to Alice"
- Mallory creates a new image and specifies that the ID should be X "and shares it with Alice, again Alice is not aware of this update."
- Alice boots her VM without realizing that the image has changed
* Another possible scenario involves Mallory having the ability to publicize the image in which case sharing isn't required in the above case.
As a courtesy, please make sure to give 24 hours to the glance-core-sec team, as people are in different parts of the world, before publishing the note.