[jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed

Mon, 02 Apr 2018 04:11:42 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16422138#comment-16422138
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10230:
---------------------------------------------

rafaelweingartner commented on a change in pull request #2404: 
[CLOUDSTACK-10230] User should not be able to use removed “Guest OS type”
URL: https://github.com/apache/cloudstack/pull/2404#discussion_r178526542
 
 

 ##########
 File path: server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
 ##########
 @@ -3703,9 +3654,9 @@ private String generateHostName(String uuidName) {
     }
 
     private UserVmVO commitUserVm(final DataCenter zone, final 
VirtualMachineTemplate template, final String hostName, final String 
displayName, final Account owner,
-                                  final Long diskOfferingId, final Long 
diskSize, final String userData, final Account caller, final Boolean 
isDisplayVm, final String keyboard,
-                                  final long accountId, final long userId, 
final ServiceOfferingVO offering, final boolean isIso, final String 
sshPublicKey, final LinkedHashMap<String, NicProfile> networkNicMap,
-                                  final long id, final String instanceName, 
final String uuidName, final HypervisorType hypervisorType, final Map<String, 
String> customParameters, final Map<String, Map<Integer, String>> 
extraDhcpOptionMap, final Map<Long, DiskOffering> 
dataDiskTemplateToDiskOfferingMap) throws InsufficientCapacityException {
+            final Long diskOfferingId, final Long diskSize, final String 
userData, final Account caller, final Boolean isDisplayVm, final String 
keyboard,
 
 Review comment:
   methods with hundreds of parameters... the glory of the old days...

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> User is able to change to “Guest OS type” that has been removed 
> ----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10230
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rafael Weingärtner
>            Assignee: Rafael Weingärtner
>            Priority: Critical
>
> Users are able to change the OS type of VMs to “Guest OS type” that has been 
> removed. This becomes a security issue when we try to force users to use HVM 
> VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable 
> by any users in the cloud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to