openstack team mailing list archive
Mailing list archive
Re: security blueprint related to os binaries
Why do you think code will become more fragile? It will be more defended.
How $PATH checking will help if someone will change the binary?
And it is not so much work to do here.
On Tue, May 14, 2013 at 3:36 PM, Victor Lowther <victor.lowther@xxxxxxxxx>wrote:
> Err, sounds like a lot of work to make the code more fragile. If you want
> to be paranoid about launching the right command, do it by sanity-checking
> $PATH, not by hardcoding the path of all the executables you call.
> On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev <
> spugachev@xxxxxxxxxxxxxxxx> wrote:
>> I've added a blueprint
>> Please, take a look and let's discuss it if it makes sense.
>> Thank you
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp