An attacker can put a binary in /usr/local/bin, for example. On Ubuntu that path is located before /usr/bin. We could create some templates with absolute paths to binaries for each distro (deb-based, rhel-based) and auto-detect them.

On Tue, May 14, 2013 at 3:36 PM, Victor Lowther <victor.lowt...@gmail.com> wrote:

> Err, sounds like a lot of work to make the code more fragile. If you want
> to be paranoid about launching the right command, do it by sanity-checking
> $PATH, not by hardcoding the path of all the executables you call.
>
> On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev <spugac...@griddynamics.com> wrote:
>
>> Hi,
>> I've added a blueprint
>> https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
>> Please, take a look and let's discuss it if it makes sense.
>> Thank you
>> Stas.
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
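
The `$PATH` sanity check suggested in the quoted reply, combined with the directory-ordering concern raised above it, as an added example (not code from this thread or from OpenStack). The function names, the trusted-UID policy and the command name `tool` are assumptions, and the sample directories are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_path(path_value, trusted_uids=(0,)):
    """Return (entry, problem) pairs for unsafe entries in a PATH string."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):  # "", "." and "bin" resolve against the cwd
            findings.append((entry, "empty or relative entry"))
        elif not os.path.isdir(entry):
            findings.append((entry, "missing or not a directory"))
        else:
            st = os.stat(entry)  # follows symlinks, as command lookup does
            if st.st_uid not in trusted_uids:
                findings.append((entry, "owner uid %d is not trusted" % st.st_uid))
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((entry, "group- or world-writable"))
    return findings


def candidates(cmd, path_value):
    """Absolute PATH dirs holding cmd with an execute bit set; the first one wins."""
    hits = []
    for entry in path_value.split(os.pathsep):
        full = os.path.join(entry, cmd)
        if os.path.isabs(entry) and os.path.isfile(full) and os.stat(full).st_mode & 0o111:
            hits.append(entry)
    return hits


def build_demo():
    """Constructed sample PATH: loose 'local' dir, tight 'system' dir, empty entry."""
    root = tempfile.mkdtemp()
    entries = []
    for name, mode in (("local", 0o777), ("system", 0o755)):
        entry = os.path.join(root, name)
        os.mkdir(entry)
        tool = os.path.join(entry, "tool")  # hypothetical command name
        open(tool, "w").close()
        os.chmod(tool, 0o755)
        os.chmod(entry, mode)
        entries.append(entry)
    return os.pathsep.join(entries + [""])


if __name__ == "__main__":
    demo = build_demo()
    print(audit_path(demo, (0, os.getuid())), candidates("tool", demo), sep="\n")
```

A caller that gets any finding back, or more than one candidate directory for a command it is about to launch, can refuse to run or reset `PATH` to a known-good value before spawning the process.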