openstack team mailing list archive

[Thierry Carrez <thierry@xxxxxxxxxxxxx>]

Kevin L. Mitchell wrote:
> On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that
>> path located before /usr/bin.
> 
> If the attacker has write access to /usr/local/bin, it's already game
> over; I don't see what we can do to nova that can mitigate something
> that disastrous.

Yes, this proposal is pretty useless.

We rely on $PATH to execute code as the $service user -- someone that
can modify $PATH or inject binaries in it already has enough rights to
act as $service.

For rootwrap calls we rely on a root-configured specific path, and still
have the option to specify the complete path. To interfere with that you
actually need to be root already.

So this makes the code more brittle (each distro would have to patch the
code to apply their specific paths), for no security gain.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack