Comment 17 for bug 1129748

Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.

I agree with Robert, this expose OpenStack user instance data to all context running on the compute node. Shell users aside, I fail to see why would apache or even the nobody user be allowed to list and read disk files.