openstack team mailing list archive
Mailing list archive
Re: security blueprint related to os binaries
Agree. Hardcoding full pathnames is a bad practice in general.
On 5/14/13 11:50 AM, "Kevin L. Mitchell" <kevin.mitchell@xxxxxxxxxxxxx>
>On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that
>> path located before /usr/bin.
>If the attacker has write access to /usr/local/bin, it's already game
>over; I don't see what we can do to nova that can mitigate something
>Kevin L. Mitchell <kevin.mitchell@xxxxxxxxxxxxx>
>Mailing list: https://launchpad.net/~openstack
>Post to : openstack@xxxxxxxxxxxxxxxxxxx
>Unsubscribe : https://launchpad.net/~openstack
>More help : https://help.launchpad.net/ListHelp