Comment 6 for bug 1029950

Thierry Carrez (ttx) wrote :

For Glance, I think capping the size of images is a good strengthening measure that should definitely be implemented. I just fail to be convinced that this closes a vulnerability: IMHO it falls in normal usage (yes, you can fill Glance and Swift space if you want to, but should be billed for it). Maybe that's just me, though :)

It's another story for Nova, which should not be DoSed because Glance lets people do weird things. It should implement its own capping/protection IMHO. The x-image-meta-location is even more convenient to exploit for fun and profit; this is a vulnerability and it should be fixed.

I'd really like to hear others' opinions. Russell, Steve, Vish?