Comment 34 for bug 1221190
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Image format not enforced when using rescue | #34 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
@Tristan: nice work, but the "By... a... will... resulting in... " construct should rather be used to describe the attack vector and the impact. The goal is not to use it to get into details over what technically happens in this bug.
By doing this THING, a type of attacker can trigger THAT, resulting in THIS IMPACT for the system/normal user etc.
Your description is, I think, a bit too detailed on the defect and not detailed enough on the attack vector. We don't know what type of attacker would abuse this (local user ? unauthenticated cloud user ? authenticated cloud user ?), the complexity of the attack, and most importantly the end result impact for the rest of the world.
I would say something like...
By overwiting the disk inside an instance with a malicious image and switching the instance to rescue mode, an authenticated user would..., resulting in... (data exposure ? denial of service ?)