weizhouapache commented on PR #11654: URL: https://github.com/apache/cloudstack/pull/11654#issuecomment-3306523786
> > @vishesh92 is it a good idea to add some validations to these userdata configs, to avoid any kind of security risks?
>
> IMO, it would be difficult to do that. Technically the user data could be a script which fetches a binary (malicious) from the internet and executes it on the system VM and we won't be able to validate this. But since the global settings are scoped at zone level, only the operators can set the user data.
>
> I have also added a new global setting, `systemvm.userdata.enabled`, which is set to `false` by default. Unless this is set to `true`, the other global settings are ignored.

@harikrishna-patnala's concern is a very good point.

CPVM and SSVM have access to the management network, and SSVM can access the storage network too, so we need to be careful.

We could move the configurations to the Secure category so they are not visible in global settings, or move them to non-dynamic so restarting the management server is needed to make them effective.

What if the root admin (cloudstack user) is compromised?
