openstack team mailing list archive

Thread
Date

Re: security blueprint related to os binaries

To: Wyllys Ingersoll <Wyllys.Ingersoll@xxxxxxxxxx>
From: Stanislav Pugachev <spugachev@xxxxxxxxxxxxxxxx>
Date: Tue, 14 May 2013 19:20:24 +0300
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CDB7D726.1610%wyllys.ingersoll@evault.com>

from the security point of view its not so bad practice


On Tue, May 14, 2013 at 6:57 PM, Wyllys Ingersoll <
Wyllys.Ingersoll@xxxxxxxxxx> wrote:

> Agree.  Hardcoding full pathnames is a bad practice in general.
>
>
> On 5/14/13 11:50 AM, "Kevin L. Mitchell" <kevin.mitchell@xxxxxxxxxxxxx>
> wrote:
>
> >On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
> >> Attacker can put binary in /usr/local/bin for example. on ubuntu that
> >> path located before /usr/bin.
> >
> >If the attacker has write access to /usr/local/bin, it's already game
> >over; I don't see what we can do to nova that can mitigate something
> >that disastrous.
> >
> >--
> >Kevin L. Mitchell <kevin.mitchell@xxxxxxxxxxxxx>
> >
> >
> >_______________________________________________
> >Mailing list: https://launchpad.net/~openstack
> >Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> >Unsubscribe : https://launchpad.net/~openstack
> >More help   : https://help.launchpad.net/ListHelp
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

Re: security blueprint related to os binaries
From: Wyllys Ingersoll, 2013-05-14

References

Re: security blueprint related to os binaries
From: Kevin L. Mitchell, 2013-05-14
Re: security blueprint related to os binaries
From: Wyllys Ingersoll, 2013-05-14