Comment 39 for bug 1990157
Revision history for this message
| Erno Kuvaja (jokke) wrote Re: Malicious image data modification can happen when using COW | #39 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
As this addresses a known issue, it is not an embargoed note concerning
+a zero-day exploit. If, however, you are learning about this for the
+first time, and you are exposing image locations to end users, it is
+possible to limit the scope of the exploit described herein immediately
+by restricting Glance policies related to image sharing:
+
+- "publicize_image" governs the ability to make an image available
+ to all users in a cloud, and such images appear in the default
+ image-list response for all users. It is restricted by default
+ to be admin-only.
+
+- "communitize_image" governs the ability to make an image available
+ to all users, though it does not appear in the default image-list
+ response for all users. The default configuration allows any
+ image owner to do this.
+
+- "add_member" governs the ability to share an image with particular
+ other projects. The default configuration allows any image owner
+ to do this.
+
+Restricting these to admin-only would limit the exploit to a single
+project, but given that it still allows for a disgruntled user to
+maliciously modify images within that project, it is not recommended
+as a long term solution.
I would not include this section. It gives false sign of security while it does not prevent using already shared, community or public images through the vector.