← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1319640] Re: Console to instance persists even after logging out of Horizon

 

Adding nova team since it may also affect nova-vncproxy. My first take
on this is that we generate a vncproxy token, so it's totally usable
outside of the Horizon session. If the token is relatively short-lived,
I see no security issue in that behavior ?

** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1319640

Title:
  Console to instance persists even after logging out of Horizon

Status in OpenStack Dashboard (Horizon):
  New
Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  Steps to Recreate the bug

  1. Log in through Horizon dashboard
  2. Create an instance and wait till it is running
  3. Console the VM from drop down menu for the instance
  4. Open Console on new window.
  5. Now log out of the dashboard
  6. Scenario 1 : Now you can see that Instance console session still persists
  7. Copy the URL of console window.
  8. Close the Console window
  9. Scenario 2 : Reopen the window (In my case CTRL+SHIFT+T) on the browser - Will get access to the Instance Console.
  10. Scenario 3: Pass on the copied URL to other LAN users and ask them to use it - Will get access to the Instance Console

  I assume it must have been like,
  Session for the console must exit once the console is closed.
  Must not allow multiple sessions (Refering to Scenario 3)

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1319640/+subscriptions