[Gluster-devel] Storage Platform - Security hole
Harshavardhana
harsha at gluster.com
Mon Feb 22 11:01:04 UTC 2010
On 02/22/2010 01:21 PM, Harshavardhana wrote:
> On 02/22/2010 05:18 AM, Kunthar wrote:
>> Hi all,
>>
>> Check attached snapshots.
>> I can right click and toggle fullscreen in firefox and can go anywhere.
>> It is risky.
>>
>> Why don't you guys consider using python GUI?
>>
>> Kunthar
>>
>>
>>
>> _______________________________________________
>> Gluster-devel mailing list
>> Gluster-devel at nongnu.org
>> http://lists.nongnu.org/mailman/listinfo/gluster-devel
>>
> Hi Kunthar,
>
> A bug has been filed upon your request.
>
> http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=658
>
> Regards
> --
> Harshavardhana
> http://www.gluster.com
>
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at nongnu.org
> http://lists.nongnu.org/mailman/listinfo/gluster-devel
>
The subject you are referring here is not a security issue but a clear
cut case of disabling keys which will be done with the bug id . Also it
is agreeable that you should have not been allowed access to terminal
and closing full-screen window etc. which will be fixed. But in essence
all live cd's or installation cd's have "root" access. If you have
physical access to the box then its necessarily a sysadmins prerogative
to not do "rm -rf /*" unless the idea is not to use the system. But if
you see any root exploit or directory traversals from "webui" through a
remote machine which could be considered as a security hole.
Regards
--
Harshavardhana
http://www.gluster.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20100222/3c254a21/attachment-0003.html>
More information about the Gluster-devel
mailing list