[ https://issues.apache.org/jira/browse/CLOUDSTACK-1327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13671231#comment-13671231 ]
Nux commented on CLOUDSTACK-1327:
---------------------------------

At the time of the testing I do not remember having modified max.template.iso.size, so the default must have been active.
The template I used was a sparse qcow2 file of less than 50GB, but with a "virtual" size of 1 TB. Does Cloudstack check the "virtual" size?

> Cloudstack allows users to import huge templates from unauthorised URLs
> -----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1327
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1327
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Management Server, Template
>    Affects Versions: 4.0.1
>         Environment: Centos 6 x86_64 kvm hypervisors
>            Reporter: Nux
>            Priority: Critical
>
> Because Cloudstack deploys instances as r/w snapshots of the template,
> importing a template with, say 1 TB diskspace will give you 1 TB instances...
> this will lead to service abuse.
> Currently Cloudstack allows regular users to install templates from not
> allowed URLs.
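
The gap the comment asks about, as an added example (not CloudStack code and not a description of how CloudStack enforces max.template.iso.size): a sparse qcow2 file can be small on disk while its header declares a much larger guest-visible disk, so a size check has to read the header as well as the file length. The 50 GiB limit, the function names and the sample header bytes are assumptions constructed for this illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Constructed limit for this example (50 GiB); not a value taken from CloudStack.
MAX_BYTES = 50 * 1024**3


def qcow2_virtual_size(header: bytes) -> int:
    """Return the guest-visible disk size recorded in a qcow2 header."""
    if len(header) < 32:
        raise ValueError("truncated qcow2 header")
    # Big-endian fields: magic, version, backing_file_offset,
    # backing_file_size, cluster_bits, size (virtual disk size in bytes).
    magic, version, _bf_off, _bf_len, _cluster_bits, size = struct.unpack(
        ">4sIQIIQ", header[:32])
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError(f"unsupported qcow2 version {version}")
    return size


def check_template(header: bytes, file_bytes: int, limit: int = MAX_BYTES):
    """Accept only if both the on-disk size and the virtual size fit the limit."""
    virtual = qcow2_virtual_size(header)
    if file_bytes > limit:
        return False, f"file size {file_bytes} exceeds limit {limit}"
    if virtual > limit:
        return False, f"virtual size {virtual} exceeds limit {limit}"
    return True, "ok"


def sample_header(virtual_bytes: int) -> bytes:
    """Constructed qcow2 v3 header prefix for the example (no real image)."""
    return struct.pack(">4sIQIIQ", QCOW2_MAGIC, 3, 0, 0, 16, virtual_bytes)


if __name__ == "__main__":
    # Small sparse file on disk, 1 TiB declared to the guest: rejected.
    print(check_template(sample_header(1024**4), 40 * 1024**3))
    # 8 GiB file declaring a 20 GiB disk: accepted.
    print(check_template(sample_header(20 * 1024**3), 8 * 1024**3))
```

A check on the downloaded file length alone would accept the first sample; the header field is what exposes the 1 TiB disk.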