I don't think one example of abuse means we shouldn't have it altogether. I do agree that we can't have any customer procedures requiring it. I'm not really sure why this script even exists; it looks up the system VMs in the database, then fires off calls to CloudStack to restart them. Am I missing something? Why isn't there just an admin-level API call for this that can be a button in the UI? It would probably be simpler than the bash script.

On Mon, Sep 23, 2013 at 11:19 AM, Darren Shepherd <darren.s.sheph...@gmail.com> wrote:
> I complained once before that I didn't like the existence of 8096 but
> then plenty responded that it's an optional thing. I just noticed in
> another thread that cloud-sysvmadm requires 8096. This is exactly why
> 8096 should not exist. If we create an unauthenticated backdoor, it's
> just too tempting to use it. So now as part of our official upgrade
> procedures we tell people to turn on 8096 on a production cloud to
> reboot the system VMs. I don't think that's acceptable.
>
> Darren