openstack team mailing list archive

Thread
Date

Re: security blueprint related to os binaries

To: Stanislav Pugachev <spugachev@xxxxxxxxxxxxxxxx>
From: "Mac Innes, Kiall" <kiall@xxxxxx>
Date: Tue, 14 May 2013 14:25:34 +0000
Accept-language: en-IE, en-US
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
Thread-index: AQHOUJKAUHV9PGYxS0iaThFlfOC67A==
Thread-topic: [Openstack] security blueprint related to os binaries

On 14/05/13 12:02, Stanislav Pugachev wrote:
Hi,
I've added a blueprint https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
Please, take a look and let's discuss it if it makes sense.
Thank you
Stas.


Am I correct in thinking that, if the attacker is able to modify $PATH in the environment under which nova etc runs, you've already lost?

I would argue this is at worst a packaging bug, assuming packagers are not explicitly defining the $PATH variable as part of the init scripts.

P.S. the openstack-dev mailing list is generally where blueprint discussion happens :)

Thanks,
Kiall

Follow ups

Re: security blueprint related to os binaries
From: Victor Lowther, 2013-05-14

References

security blueprint related to os binaries
From: Stanislav Pugachev, 2013-05-14