Glance

  1. Series yoga
  2. Bug #1990157
  3. Comment #44

Comment 44 for bug 1990157

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote : Re: Malicious image data modification can happen when using COW

@Erno #43

I agree that the visibility stuff just confuses the issue. Based on your comments, I think I should restructure the entire note along these lines:

1. If you're using a COW backend configuration, you should deploy dual glances (probably won't use that term, but you know what i mean).
2. The COW backend efficiency/security tradeoff.
3. What we mean by "dual glances" <-- with reference to the nova/cinder config options.
4. Why: show_multiple_locations=True -> image data manipulation via the Image API
5. Why: show_image_direct_url -> backend info leak which could be used by a malicious actor to independently access the backend storage and modify image data directly in the backend

@Everyone:
I won't get started on this until around 1800 UTC today, so if you have comments before then, please leave them!