23 Apr 2019, 3:14 p.m.
Hi,

On Mon, Apr 22, 2019 at 04:05:48PM -0500, Eric Fried wrote:
> > this change might give a lower privileged user (e.g. a user who cannot specify "ha") the ability to sniff around for the defaults,
>
> This was the only thing I could think of.
>
> > but I'm not sure if that information represents a security risk in this case.
>
> Because they could also find that out by looking at the source code?

But in some corner case it might even be patched and defaults can be different in some specific cloud. Maybe for such a case we can make this new behaviour configurable? So there would be some config option which the operator can use to disable accepting default values for forbidden parameters.

> efried
> .

--
Slawek Kaplonski
Senior software engineer
Red Hat
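
The configurable behaviour proposed in this message, sketched as an added example (not code from the thread or from the project under discussion). Every name here, including `allow_default_for_forbidden`, the roles and the sample schema, is hypothetical; the helper at the end is an operator-side check that accept/reject no longer depends on the submitted value once the option is turned off.

```python
# Added illustration; all names are hypothetical, not taken from any project.
from dataclasses import dataclass


class Forbidden(Exception):
    """The caller's roles do not permit setting this attribute."""


@dataclass(frozen=True)
class Attribute:
    default: object
    required_role: str  # role needed to set the attribute explicitly


# Constructed sample schema: only admins may set "ha".
SCHEMA = {
    "name": Attribute(default="", required_role="member"),
    "ha": Attribute(default=False, required_role="admin"),
}


def validate_request(body, roles, allow_default_for_forbidden=True):
    """Return the attributes to apply, or raise Forbidden.

    True  -> behaviour under discussion: a forbidden attribute is tolerated
             when its value equals the deployment's default.
    False -> proposed operator opt-out: a forbidden attribute is rejected
             whatever value it carries.
    """
    accepted = {}
    for key, value in body.items():
        attr = SCHEMA[key]
        if attr.required_role in roles:
            accepted[key] = value
        elif allow_default_for_forbidden and value == attr.default:
            continue  # changes nothing, so it is silently dropped
        else:
            raise Forbidden(key)
    return accepted


def outcome_depends_on_value(roles, key, candidates, **options):
    """True if accept/reject differs between candidate values, meaning the
    responses alone tell the caller which candidate is the default."""
    outcomes = set()
    for value in candidates:
        try:
            validate_request({key: value}, roles, **options)
            outcomes.add("accepted")
        except Forbidden:
            outcomes.add("forbidden")
    return len(outcomes) > 1
```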