openstack team mailing list archive

Thread
Date

Re: extending rootwrap securely

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry@xxxxxxxxxxxxx>
Date: Wed, 02 May 2012 12:01:21 +0200
In-reply-to: <E3F68903E8634CB1B9797C341B269014@cloudscaling.com>
Organization: OpenStack
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120410 Thunderbird/11.0.1

Eric Windisch wrote:
> I'd really like to see this security mechanism overhauled. Rootwrap was
> an improvement over what was there before, however, I don't believe that
> rootwrap is a viable long-term solution as currently designed.  Rootwrap
> has resulted in the use of potentially insecure shell-outs for the
> purposes of privilege escalation in cases where pure Python would be safer.

The Filter mechanism could easily be extended so that rather than always
executing an external command, it could run some python code as root
instead. Any other reason why you think it's not a viable long-term
solution ?

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

References

extending rootwrap securely
From: Andrew Bogott, 2012-04-29
Re: extending rootwrap securely
From: Eric Windisch, 2012-04-30