openstack team mailing list archive
Message #23683
Re: security blueprint related to os binaries

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry@xxxxxxxxxxxxx>
Date: Tue, 14 May 2013 22:10:22 +0200
In-reply-to: <1368546622.3586.89.camel@einstein>
Organization: OpenStack
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130404 Thunderbird/17.0.5

Kevin L. Mitchell wrote:
> On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that
>> path located before /usr/bin.
>
> If the attacker has write access to /usr/local/bin, it's already game
> over; I don't see what we can do to nova that can mitigate something
> that disastrous.

Yes, this proposal is pretty useless.

We rely on $PATH to execute code as the $service user -- someone that
can modify $PATH or inject binaries in it already has enough rights to
act as $service.

For rootwrap calls we rely on a root-configured specific path, and still
have the option to specify the complete path. To interfere with that you
actually need to be root already.

So this makes the code more brittle (each distro would have to patch the
code to apply their specific paths), for no security gain.

--
Thierry Carrez (ttx)
Release Manager, OpenStack
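
An added example (not part of the original message, and not rootwrap's own code) of the lookup the message describes: a command is resolved against a root-configured directory list or a complete path instead of $PATH, and a match counts only if nobody but the trusted owner can modify the binary or its directory. The function names, the `trusted_uid` parameter and the `EXEC_DIRS` sample list are assumptions for illustration.

```python
import os
import stat

# Assumed sample of a root-configured search list (illustrative values).
EXEC_DIRS = ["/sbin", "/usr/sbin", "/bin", "/usr/bin"]


def only_owner_can_write(st, trusted_uid):
    """True if the object is owned by trusted_uid and not group/world-writable."""
    return st.st_uid == trusted_uid and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def resolve(command, exec_dirs=EXEC_DIRS, trusted_uid=0):
    """Return the full path for command, or None.

    Relative names are searched in exec_dirs only, never in $PATH. A match is
    accepted only if the binary and its directory can be modified by nobody
    but trusted_uid (root by default).
    """
    if os.path.isabs(command):
        candidates = [command]
    else:
        candidates = [os.path.join(d, command) for d in exec_dirs]
    for candidate in candidates:
        try:
            dir_st = os.stat(os.path.dirname(candidate))
            bin_st = os.stat(candidate)
        except OSError:
            continue  # missing directory or binary: try the next entry
        if not (stat.S_ISREG(bin_st.st_mode) and bin_st.st_mode & 0o111):
            continue  # not an executable regular file
        if only_owner_can_write(dir_st, trusted_uid) and only_owner_can_write(bin_st, trusted_uid):
            return candidate
    return None


def untrusted_path_entries(path_value, trusted_uid=0):
    """List $PATH-style entries that someone other than trusted_uid can write to."""
    bad = []
    for entry in filter(None, path_value.split(os.pathsep)):
        try:
            if not only_owner_can_write(os.stat(entry), trusted_uid):
                bad.append(entry)
        except OSError:
            bad.append(entry)  # entry cannot be verified, so report it
    return bad
```

Running `untrusted_path_entries(os.environ["PATH"])` on a host lists the directories where the condition from the quoted message would hold, that is, where a non-root account could place a binary ahead of the intended one.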