Bug 828403

Summary: [RFE] Restrict interfaces imagefactory and iwhd listen on
Product: [Retired] CloudForms Cloud Engine Reporter: james labocki <jlabocki>
Component: imagefactoryAssignee: Ian McLeod <imcleod>
Status: CLOSED EOL QA Contact: Rehana <aeolus-qa-list>
Severity: high Docs Contact:
Priority: medium    
Version: 1.0.0CC: dajohnso, morazi, nobody
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description james labocki 2012-06-04 17:39:21 UTC 
Description of problem:

imagefactory and image warehouse daemon (iwhd) both listen on all network interfaces but seem to be only accessed from localhost. There seems to be no login / password restriction for imagefactory. Please restrict access for security / audit purposes.

Do imagefactory and iwhd have to run as root? Having a script (imagefactory) run as root is a security audit failure.
Comment 2 Mike Orazi 2013-01-29 15:59:21 UTC 
This should be scoped down to imgfac only.