openstack team mailing list archive

Thread
Date

Re: security blueprint related to os binaries

To: "Kevin L. Mitchell" <kevin.mitchell@xxxxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Wyllys Ingersoll <Wyllys.Ingersoll@xxxxxxxxxx>
Date: Tue, 14 May 2013 09:57:53 -0600
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <1368546622.3586.89.camel@einstein>
Thread-index: Ac5Qu8FZRVpx7y1DT5CzMt30U45u1g==
Thread-topic: [Openstack] security blueprint related to os binaries
User-agent: Microsoft-MacOutlook/14.3.2.130206

Agree.  Hardcoding full pathnames is a bad practice in general.


On 5/14/13 11:50 AM, "Kevin L. Mitchell" <kevin.mitchell@xxxxxxxxxxxxx>
wrote:

>On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that
>> path located before /usr/bin.
>
>If the attacker has write access to /usr/local/bin, it's already game
>over; I don't see what we can do to nova that can mitigate something
>that disastrous.
>
>-- 
>Kevin L. Mitchell <kevin.mitchell@xxxxxxxxxxxxx>
>
>
>_______________________________________________
>Mailing list: https://launchpad.net/~openstack
>Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>Unsubscribe : https://launchpad.net/~openstack
>More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: security blueprint related to os binaries
From: Stanislav Pugachev, 2013-05-14

References

Re: security blueprint related to os binaries
From: Kevin L. Mitchell, 2013-05-14