Comment 11 for bug 1625402

Charles Neill (charles-neill) wrote:

I'm not sure I agree with the assessment that this isn't default functionality. The only thing required to enable the vulnerability is to specify an appropriate "work_dir" in Glance's configuration. If this is an unlikely or unreasonable thing to do, then I agree that this is a less severe issue.

It is admittedly admin-only functionality, may not be widely used, and might be seen as deprecated by the project team, but the documentation on Tasks (which is one mechanism at play in this bug) does not in any way note that it is pending deprecation [1]. Neither are OVA/OVF images mentioned as deprecated. There are public YouTube videos explaining how to import these images [2], suggesting that at least some people are interested in using this functionality.

Not trying to be alarmist, just trying to better understand the classification.

[1] http://developer.openstack.org/api-ref/image/v2/index.html?expanded=create-task-detail
[2] https://www.youtube.com/watch?v=_zyFzElwwW0