828403 – [RFE] Restrict interfaces imagefactory and iwhd listen on

Bug 828403 - [RFE] Restrict interfaces imagefactory and iwhd listen on

Summary: [RFE] Restrict interfaces imagefactory and iwhd listen on

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	CloudForms Cloud Engine
Classification:	Retired
Component:	imagefactory
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	rc
Assignee:	Ian McLeod
QA Contact:	Rehana
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-06-04 17:39 UTC by james labocki
Modified:	2020-03-27 18:06 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description james labocki 2012-06-04 17:39:21 UTC

Description of problem:

imagefactory and image warehouse daemon (iwhd) both listen on all network interfaces but seem to be only accessed from localhost. There seems to be no login / password restriction for imagefactory. Please restrict access for security / audit purposes.

Do imagefactory and iwhd have to run as root? Having a script (imagefactory) run as root is a security audit failure.

Comment 2 Mike Orazi 2013-01-29 15:59:21 UTC

This should be scoped down to imgfac only.

Note You need to log in before you can comment on or make changes to this bug.