[Openstack-security] [Bug 1175193] Re: Instance actions history is unbounded
Russell Bryant
1175193 at bugs.launchpad.net
Wed May 8 19:26:26 UTC 2013
Thanks for the detailed opinion, Kurt! It looks like everyone agrees
that we should treat this as hardening and open this up.
** Information type changed from Private Security to Public
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1175193
Title:
Instance actions history is unbounded
Status in OpenStack Compute (Nova):
New
Bug description:
Grizzly included a new feature to keep a history of actions performed
on an instance. The history kept in the database is unbounded. As a
result, a malicious user could perform actions in a loop and cause the
database to grow without bounds. Some of the quicker actions that
could be used to exploit this are pause, unpause, or change password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1175193/+subscriptions
More information about the Openstack-security
mailing list