Comment 5 for bug 1065187

Thierry Carrez (ttx) wrote : Re: Non-admin users can cause public glance images to be deleted from the backend storage repository

Also two precisions on impact, so that we can draft the description correctly:

* you mention "non-protected images", could you elaborate on the class of images that are vulnerable? Does it mean any image on non-read-only backends? Or is there a way to "protect" images on read/write backends?

* you mention "may delete the image", but from the looks of the code it looks like vulnerable ("non-protected") images would always get deleted by a delete request?