Comment 5 for bug 1482371
Revision history for this message
| Erno Kuvaja (jokke) wrote Re: Image status can be changed by passing header 'x-image-meta-status' with PUT operation using v1 | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
After having a chat with Hemanth, I'd like to pull back that previous statement about opening this bug. There is attack vector that has not been discussed openly. If admin has deactivated image due to malicious content/behavior, that image can be put back to queued and activated without approval.
This would allow booting new VMs from that potentially malicious image. So lets keep this closed for now.