potiuk commented on PR #13293: URL: https://github.com/apache/cloudstack/pull/13293#issuecomment-4676199216
Thanks @vishesh92 — this is exactly the input the §14 questions were after; folding all of it in. How each lands:

- **Root admin (L959)** — confirmed trusted operator with direct access anyway → stays out of the adversary model (§7); promoting *(inferred)* → *(maintainer)*.
- **userdata (L970)** — confirmed: the end user customizing their own guest OS → tenant-controlled data inside their own boundary, not a CloudStack-side injection surface (§6/§9).
- **Hypervisor settings (L965)** — narrowing the in-model case to "CloudStack applies a wrong/insecure setting when launching/managing the guest" (a CloudStack responsibility); the hypervisor's own hardening stays out. Left flagged for @DaanHoogland.
- **proxy.header.verify (L984)** — corrected: default `false`; only when the remote address is in `proxy.cidr` does CloudStack read `proxy.header.names`. Fixing §5a/§6.
- **2FA (L989)** — confirmed deployment choice: `enable.user.2fa` (default false) + `mandate.user.2fa` (default false), domain-configurable → "2FA not enforced" is operator config, not a flaw (§10/§11a), with those exact knob names.
- **Password hashing (L1000)** — the clincher for the §11a non-finding: default encode set excludes `MD5,LDAP,PLAINTEXT` (effective `PBKDF2,SHA256SALT,SAML2`), so md5/plaintext hashing of *new* passwords in a default install is out of model. I'll cite the exact default-vs-excluded set.

Two still on @DaanHoogland: **L976** (whether `simulator` + `tools/appliance` are in scope — I'd lean out, dev/test paths) and **L1007** (the default-0/disabled confirm).

I'll push the updated model with the confirmed items folded in. Thanks again — this is the review that makes it usable for triage.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
