It doesn't help that I mostly know about devstack, and don't know a whole lot about the variety of ways that Nova is installed on actual production systems. So, my questions:
a) Is the nova code on a production system generally owned by root and read-only? (If the answer to this one is ever 'no' then we're done, because we're already 100% insecure.)
b) Does nova usually run as root user? (Again, thinking 'no' because otherwise we wouldn't need a rootwrap tool in the first place.)
c) Who generally has rights to modify nova.conf and/or add command-line args to the nova launch? (I want the answer to this to be 'just root' but I fear the answer is 'both root and the nova user.')
The crux: If additional commands can be added to rootwrap via nova.conf or the commandline, does that open security holes that aren't already open? Such a facility will give root to anyone who can modify the nova.conf or the nova commandline. So, if the nova user can modify the commandline, the question is: did the nova user /already/ have root access?
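Questions (a) and (c) can be checked on a given host by looking at who is able to rewrite the config file or replace it through its directory. The script below is an added example, not part of the original message and not Nova code; the function names are hypothetical and the paths to audit are supplied by the caller.

```python
import os
import stat
import sys


def write_risks(path, trusted_uid=0, trusted_gid=0):
    """List the ways a principal other than the trusted one can modify `path`."""
    st = os.stat(path)  # follows symlinks: the target is what gets read
    risks = []
    if st.st_uid != trusted_uid:
        risks.append("owned by uid %d, not uid %d" % (st.st_uid, trusted_uid))
    if st.st_mode & stat.S_IWGRP and st.st_gid != trusted_gid:
        risks.append("group-writable by gid %d" % st.st_gid)
    if st.st_mode & stat.S_IWOTH:
        risks.append("world-writable")
    return risks


def audit_config(path, trusted_uid=0, trusted_gid=0):
    """Audit a config file and its directory.

    The directory matters because write access to it allows the file to be
    renamed away and replaced, whatever the file's own mode says.
    Returns {path: [risks]} with entries only for paths that have risks.
    """
    findings = {}
    directory = os.path.dirname(os.path.abspath(path))
    for target in (path, directory):
        risks = write_risks(target, trusted_uid, trusted_gid)
        if risks:
            findings[target] = risks
    return findings


if __name__ == "__main__":
    # Usage: python audit_conf.py <config-file> [<config-file> ...]
    status = 0
    for conf in sys.argv[1:]:
        for target, risks in audit_config(conf).items():
            status = 1
            for risk in risks:
                print("%s: %s" % (target, risk))
    sys.exit(status)
```

An empty result means only root can change what the service reads from that file; any finding means the named user or group is inside the trust boundary for whatever the file controls.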