openstack team mailing list archive
Re: security blueprint related to os binaries
I think it will become more fragile because (despite over a decade of
trying to standardize these things), not all the distros put their binaries
in the same places -- for example, I have seen brctl live in /sbin,
/usr/sbin, and /usr/bin. It is much easier to sanity-check (or allow for
customization of) $PATH in one place (hi there Oslo devs!) and rely on
having a sane path everywhere else than to hardcode all the external binary
calls and have to deal with the inevitable bugs that will arise from
utilities living in different directories in different distros. If
os.execvp and friends randomly decide to stop using PATH (and only PATH) to
find executables we are in much deeper trouble anyways.
On Tue, May 14, 2013 at 8:04 AM, Stanislav Pugachev <
> Why do you think code will become more fragile? It will be more defended.
> How will $PATH checking help if someone changes the binary?
> And it is not so much work to do here.
> On Tue, May 14, 2013 at 3:36 PM, Victor Lowther <victor.lowther@xxxxxxxxx>wrote:
>> Err, sounds like a lot of work to make the code more fragile. If you
>> want to be paranoid about launching the right command, do it by
>> sanity-checking $PATH, not by hardcoding the path of all the executables
>> you call.
>> On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev <
>> spugachev@xxxxxxxxxxxxxxxx> wrote:
>>> I've added a blueprint
>>> Please, take a look and let's discuss it if it makes sense.
>>> Thank you
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help : https://help.launchpad.net/ListHelp
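The approach Victor argues for above, sanity-checking $PATH in one place and letting every caller rely on a bare command name, can be sketched in a few lines of Python. The code below is an added illustration for this archive page and is not code from the thread, the blueprint, or Oslo; the `TRUSTED_DIRS` allowlist, the function names and the injectable `is_exec` predicate are assumptions made for the example. It drops the entries that make PATH lookups dangerous (empty entries, which mean the current directory, and relative or untrusted directories), then resolves a command such as `brctl` whether a distro installs it in /sbin, /usr/sbin, or /usr/bin, which is exactly the variation that hardcoded absolute paths would have to enumerate.

```python
import os
import stat

# Directories a service launcher is willing to search, in preference order.
# This allowlist is an assumption for the example; a deployment would tune it.
TRUSTED_DIRS = (
    "/usr/local/sbin", "/usr/local/bin",
    "/usr/sbin", "/usr/bin",
    "/sbin", "/bin",
)


def sanitize_path(path_env):
    """Return a cleaned PATH as a list: absolute, normalized, trusted, unique.

    Empty entries (the current directory in PATH semantics), relative entries,
    and directories outside TRUSTED_DIRS are discarded; the caller's ordering
    of the surviving entries is preserved.
    """
    seen = set()
    clean = []
    for entry in path_env.split(os.pathsep):
        if not entry or not os.path.isabs(entry):
            continue
        norm = os.path.normpath(entry)
        if norm not in TRUSTED_DIRS or norm in seen:
            continue
        seen.add(norm)
        clean.append(norm)
    return clean


def _default_is_exec(path):
    """Real filesystem check: a regular file the caller may execute."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and os.access(path, os.X_OK)


def find_executable(name, path_env, is_exec=_default_is_exec):
    """Locate a bare command name along the sanitized PATH; first hit wins.

    Names containing a path separator are refused rather than resolved, so a
    caller cannot smuggle "/tmp/brctl" or "../brctl" past the PATH policy.
    `is_exec` is injectable so the lookup can be exercised against a
    constructed directory layout instead of the host filesystem.
    """
    if not name or "/" in name:
        raise ValueError("expected a bare command name, got %r" % (name,))
    for directory in sanitize_path(path_env):
        candidate = os.path.join(directory, name)
        if is_exec(candidate):
            return candidate
    return None


def demo():
    """Resolve brctl on two constructed distro layouts with one PATH policy."""
    # Constructed layouts: distro A ships brctl in /sbin, distro B in /usr/sbin.
    distro_a = {"/sbin/brctl", "/usr/bin/ip"}
    distro_b = {"/usr/sbin/brctl", "/usr/bin/ip"}
    # A deliberately messy PATH: current dir, a user dir, and a duplicate.
    messy_path = ":/home/user/bin:/usr/bin:/usr/sbin:/sbin:/usr/bin"
    return {
        "cleaned": sanitize_path(messy_path),
        "distro_a": find_executable("brctl", messy_path, lambda p: p in distro_a),
        "distro_b": find_executable("brctl", messy_path, lambda p: p in distro_b),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the injectable predicate is only testability; in a real launcher the default `os.stat`/`os.access` check runs against the host, and the single place that owns `TRUSTED_DIRS` is where a distro-specific override would go.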