Glance

  1. Bug #1549483
  2. Comment #35

Comment 35 for bug 1549483

Revision history for this message
Nikhil Komawar (nikhil-komawar) wrote :

Really nice note Brian. Pretty elaborate and explains almost all details.

A couple of points to consider in this note:

1. Summary

### Summary ###
When Glance has been configured with the "show_multiple_locations" option enabled with default policy for set and delete locations, it is possible for a non-admin user having write access to the image metadata to replace active image data.

2. Public & Community images

These images do not grant write access to the non-owner users of the cloud. Hence, setting an incorrect or malicious locations or manipulations to the image location is not allowed, thus keeping the image location intact and safe for the user.