Comment 2 for bug 1606495

Brian Rosmaita (brian-rosmaita) wrote :

Yep, copy_from is dangerous, that's why it's not in the v2 API and one reason why the v1 API will be deprecated in Newton.

As far as malicious content goes, it does make it easier for an end user to be tricked (they just need to know the URL) and Glance will go get it for them. But if a cloud allows end users to upload image data, the end user can simply download from the URL and then upload the payload. Thus I don't see it as being much different from the current situation.

The port scanner is an interesting case as it can expose information about what ports are in use on the server running Glance. I don't know whether it could reveal info that couldn't be discovered by other means. Someone else will have to answer that.