pass through cp propagation needs a path whitelist #69

buzztroll opened this Issue Jul 22, 2011 · 1 comment


None yet
1 participant

buzztroll commented Jul 22, 2011

A side effect of adding copy propagation for cumulus urls is that it can also be used as a pass through propagation method. This is off by default, but when enabled it has bad security implications. The nimbus user will be copying the images, which means that any file in the cumulus archive could be copied for boot. We need to have a whitelist of directories and some documentation heavily warning users about the implications if they enable pass through cp propagation.


buzztroll commented Jul 22, 2011

It should further be noted that a user can attempt to boot any file to which the nimbus user on the VMM has read access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment