Kevin L. Mitchell wrote:
> On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that
>> path located before /usr/bin.
>
> If the attacker has write access to /usr/local/bin, it's already game
> over; I don't see what we can do to nova that can mitigate something
> that disastrous.

Yes, this proposal is pretty useless. We rely on $PATH to execute code as the $service user -- someone that can modify $PATH or inject binaries in it already has enough rights to act as $service.

For rootwrap calls we rely on a root-configured specific path, and still have the option to specify the complete path. To interfere with that you actually need to be root already.

So this makes the code more brittle (each distro would have to patch the code to apply their specific paths), for no security gain.

--
Thierry Carrez (ttx)
Release Manager, OpenStack

Mailing list: https://launchpad.net/~openstack
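The search-order question discussed in this thread can be checked on a host. The following is an added example, not part of the thread and not nova or rootwrap code: it reports which binary a $PATH lookup selects, which later copies it shadows, and whether any directory searched up to that point is writable by group or other. The function names, the `sometool` command and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def resolve(cmd, dirs):
    """Return every executable match for cmd, in search order."""
    hits = []
    for d in dirs:
        candidate = os.path.join(d, cmd)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            hits.append(candidate)
    return hits

def writable_by_others(directory):
    """True if group or other may create files in the directory."""
    mode = os.stat(directory).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(cmd, path):
    """Winner of the lookup, shadowed copies, and loosely-permissioned
    directories searched up to and including the winner's directory."""
    # An empty PATH entry means the current directory.
    dirs = [os.path.normpath(d or ".") for d in path.split(os.pathsep)]
    hits = resolve(cmd, dirs)
    risky = []
    for d in dirs:
        if os.path.isdir(d) and writable_by_others(d):
            risky.append(d)
        if hits and os.path.dirname(hits[0]) == d:
            break
    return {"winner": hits[0] if hits else None,
            "shadowed": hits[1:], "risky_dirs": risky}

def demo():
    """Constructed layout: a 'local' dir searched before a 'system' dir."""
    root = tempfile.mkdtemp()
    local_bin = os.path.join(root, "local_bin")    # stands in for /usr/local/bin
    system_bin = os.path.join(root, "system_bin")  # stands in for /usr/bin
    for d in (local_bin, system_bin):
        os.mkdir(d)
        tool = os.path.join(d, "sometool")
        with open(tool, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(tool, 0o755)
    os.chmod(local_bin, 0o777)   # misconfigured: any user can write here
    os.chmod(system_bin, 0o755)
    path = os.pathsep.join([local_bin, system_bin])
    return audit("sometool", path), local_bin, system_bin

if __name__ == "__main__":
    print(demo()[0])
```

On a real host, call `audit("<command>", os.environ["PATH"])` as the service user; a non-empty `risky_dirs` means the directory permissions need fixing, independent of how the service invokes the command.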