Comment 3 for bug 1331092

So it turns out this isn't really exploitable because the validate_networks call doesn't elevate the context so user requests for specific networks will fail. It only affects the default network selection in complex FlatDHCP setups. This is useful to fix as part of the multiple-networks blueprint however.