Attacker can put binary in /usr/local/bin for example. on ubuntu that path
located before /usr/bin.
We could create some templates with absolute paths to binaries for each
distro (deb-based, rhel-based) and auto-detect them.
On Tue, May 14, 2013 at 3:36 PM, Victor Lowther victor.lowt...@gmail.comwrote:
Err, sounds like a lot of work to make the code more fragile. If you want
to be paranoid about launching the right command, do it by sanity-checking
$PATH, not by hardcoding the path of all the executables you call.
On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev
spugac...@griddynamics.com wrote:
Hi,
I've added a blueprint
https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
Please, take a look and let's discuss it if it makes sense.
Thank you
Stas.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp