← Back to team overview

openstack team mailing list archive

Thread
Date

Re: security blueprint related to os binaries

To: <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Kevin L. Mitchell" <kevin.mitchell@xxxxxxxxxxxxx>
Date: Tue, 14 May 2013 10:50:21 -0500
In-reply-to: <CADaNTYRDA3uykbbos9QQ-BBdWvmdwDiF5untxb01+2+PF1H+NA@mail.gmail.com>
Organization: Rackspace

On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
> Attacker can put binary in /usr/local/bin for example. on ubuntu that
> path located before /usr/bin.

If the attacker has write access to /usr/local/bin, it's already game
over; I don't see what we can do to nova that can mitigate something
that disastrous.

-- 
Kevin L. Mitchell <kevin.mitchell@xxxxxxxxxxxxx>

Follow ups

Re: security blueprint related to os binaries
From: Thierry Carrez, 2013-05-14
Re: security blueprint related to os binaries
From: Wyllys Ingersoll, 2013-05-14

References

security blueprint related to os binaries
From: Stanislav Pugachev, 2013-05-14
Re: security blueprint related to os binaries
From: Victor Lowther, 2013-05-14
Re: security blueprint related to os binaries
From: Vasiliy Khomenko, 2013-05-14