What attack does hardcoding a path to a specific executable protect against?

On the downside, it makes the code far less portable, harder to maintain, and 
less flexible in the face of alternative directory structures and system 
configurations.


From: Stanislav Pugachev
Date: Tuesday, May 14, 2013 12:20 PM
To: Wyllys Ingersoll
Cc: "Kevin L. Mitchell"
Subject: Re: [Openstack] security blueprint related to os binaries

From the security point of view it's not such a bad practice.


On Tue, May 14, 2013 at 6:57 PM, Wyllys Ingersoll wrote:
Agree.  Hardcoding full pathnames is a bad practice in general.


On 5/14/13 11:50 AM, "Kevin L. Mitchell" wrote:

>On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> An attacker can put a binary in /usr/local/bin, for example. On Ubuntu that
>> path is located before /usr/bin.
>
>If the attacker has write access to /usr/local/bin, it's already game
>over; I don't see what we can do to nova that can mitigate something
>that disastrous.
>
>--
>Kevin L. Mitchell
>
>
>_______________________________________________
>Mailing list: https://launchpad.net/~openstack
>Post to     : [email protected]
>Unsubscribe : https://launchpad.net/~openstack
>More help   : https://help.launchpad.net/ListHelp


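The search-order point raised in the thread (a directory such as /usr/local/bin listed before /usr/bin wins the lookup for a bare command name), as an added audit example that is not part of the original messages or of nova: it reports which file a bare name resolves to, which copies it shadows, and which PATH entries are relative or writable beyond their owner. The `audit_path` and `demo` names, the `exampletool` command and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_path(command, path):
    """Return (resolved, shadowed, risky_dirs) for `command` under `path`.

    resolved   - first executable match in PATH order (what a bare name runs)
    shadowed   - later matches hidden by the first one
    risky_dirs - PATH entries that are empty/relative, or writable by
                 group or others
    """
    hits, risky = [], []
    for entry in path.split(os.pathsep):
        if not entry or not os.path.isabs(entry):
            risky.append((entry, "empty or relative entry"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue  # a missing directory cannot supply the command
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            risky.append((entry, "writable by group or others"))
        candidate = os.path.join(entry, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            hits.append(candidate)
    return (hits[0] if hits else None), hits[1:], risky

def demo():
    """Constructed layout: 'local/bin' is listed before 'bin', as in the thread."""
    root = tempfile.mkdtemp()
    local_bin = os.path.join(root, "local", "bin")
    usr_bin = os.path.join(root, "bin")
    for directory, mode in ((local_bin, 0o777), (usr_bin, 0o755)):
        os.makedirs(directory)
        os.chmod(directory, mode)
        tool = os.path.join(directory, "exampletool")  # hypothetical command name
        with open(tool, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(tool, 0o755)
    search_path = os.pathsep.join([local_bin, usr_bin])
    return audit_path("exampletool", search_path), local_bin, usr_bin

if __name__ == "__main__":
    (resolved, shadowed, risky), _, _ = demo()
    print("resolved:", resolved)
    print("shadowed:", shadowed)
    print("risky PATH entries:", risky)
```

A non-empty `shadowed` list together with a `risky` entry for the winning directory is the combination worth alerting on; either one alone is common on stock systems.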