potiuk commented on PR #13293:
URL: https://github.com/apache/cloudstack/pull/13293#issuecomment-4713986814
Thanks again @DaanHoogland and @vishesh92 — I've pushed a revision folding
your review into the model.
What changed:
- Every question you confirmed is now marked **RESOLVED** in §14 with your
answer — throttling (`api.throttling.enabled` false by default), integration
port `:8096` default `0`, the explicit UI request-size cap
(`DEFAULT_REQUEST_CONTENT_SIZE = 1048576`), the four-logical-network model,
`simulator`/`tools/appliance` exclusion, data-at-rest delegation, info-leak
in-model (regular logs exempt), TOCTOU/TLS/key-reuse confirmations, and the
satellite-repo hierarchy (cloudstack-go a dep of the other three).
- **§8 P9** no longer implies CloudStack is Java-only — it now states no
implementation-language limitation is presumed (ocaml/python/bash on
hypervisors, go on the management server), with the memory-safety claims scoped
to the JVM components.
- **§12** gains "a change in the extension mechanisms" as a revision trigger.
Answers to the three you asked me:
- **Q15 (filesystem perms):** no, not a CSV of every file — just the four
sensitive artifacts (JCEKS keystore, Root CA private key, JaSypt key + IV,
`db.properties`), each with its owning UID + mode. If you or @vishesh92 can
drop those owner/mode values, I'll fill them in.
- **Q25 ("branch"):** that's the branch-predictor / speculative-execution
side channel (Spectre-class); I've spelled it out in the doc. Agreed it's out
of scope.
- **Q30 (constant-time):** thanks — recorded as a lack of feature /
hardening opportunity (login-password, session-cookie, console-token compares),
not a by-design decision.
Still open for @vishesh92 to confirm: Q24 (the same-IP host refusal — does
it also include a UID check?) and Q29 (data-at-rest fully delegated to
storage/hypervisor). Disposition on Q24 is unchanged pending that.
Re-review whenever convenient — once these settle, pre-flight is complete
and we queue CloudStack.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
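The Q30 item above records non-constant-time compares of login passwords, session cookies and console tokens as a hardening opportunity. As an added illustration of why that matters (this is example code written for this page, not CloudStack's own code, and it stands in for the JVM-side compares with a Python model), the block below pits a short-circuiting equals()-style compare against a constant-time one. Cost is modelled as the number of bytes the compare examines, i.e. an idealised noise-free clock; a real attacker would have to recover the same signal statistically from network timing. The secret used in the demo is constructed, and the `recover_secret` attacker loop, the `HEX` alphabet and the `demo` helper are all assumptions of this example.

```python
"""Timing side channel in a short-circuiting secret compare, and the
constant-time alternative. Added example, not project code."""
import hmac
import secrets


def naive_compare(expected: bytes, supplied: bytes) -> tuple:
    """Short-circuiting compare, the shape of a typical equals():
    stops at the first differing byte. Returns (equal, bytes_examined);
    the second value is what an attacker observes as elapsed time."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, supplied: bytes) -> tuple:
    """Examine every byte no matter where the first difference is.
    Inputs are padded to a common width so a length mismatch costs the
    same as a content mismatch; differences are OR-folded into one
    accumulator that is only inspected at the end."""
    width = max(len(expected), len(supplied))
    a = expected.ljust(width, b"\x00")
    b = supplied.ljust(width, b"\x00")
    acc = len(expected) ^ len(supplied)   # non-zero if lengths differ
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        acc |= x ^ y
    return acc == 0, examined


def recover_secret(oracle, length: int, alphabet: bytes) -> bytes:
    """Attacker loop (assumed, for illustration) against an oracle that
    returns (equal, cost). At each position keep the candidate byte that
    made the oracle do the most work; if any probe is reported equal, it
    is the whole secret."""
    known = bytearray()
    for pos in range(length):
        best, best_cost = alphabet[0], -1
        for c in alphabet:
            probe = bytes(known) + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, cost = oracle(probe)
            if equal:
                return bytes(known) + bytes([c])
            if cost > best_cost:
                best, best_cost = c, cost
        known.append(best)
    return bytes(known)


HEX = b"0123456789abcdef"   # alphabet of a hex-encoded token (constructed)


def demo(secret: bytes = b"") -> dict:
    """Run the same attack against both compares and report what each
    one gave away. A random 32-char hex token is used when none is given."""
    if not secret:
        secret = secrets.token_hex(16).encode()   # constructed sample secret

    def leaky(probe):
        return naive_compare(secret, probe)

    def hardened(probe):
        return constant_time_compare(secret, probe)

    return {
        "secret": secret,
        "leaky_recovered": recover_secret(leaky, len(secret), HEX),
        "hardened_recovered": recover_secret(hardened, len(secret), HEX),
        # stdlib primitive to reach for instead of hand-rolling the loop
        "stdlib_equal": hmac.compare_digest(secret, secret),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Against `naive_compare` the loop walks the token one byte at a time, because the correct candidate at each position is the only one that makes the compare read one byte further; against `constant_time_compare` every probe costs the same and the attacker learns nothing beyond the final equal/not-equal bit. In real code use the platform primitive rather than the hand-rolled loop: `hmac.compare_digest` in Python, `MessageDigest.isEqual` in the JVM.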