Re: [Openstack] security blueprint related to os binaries

2013-05-14 Thread Vasiliy Khomenko
An attacker can put a binary in /usr/local/bin, for example. On Ubuntu that
path is located before /usr/bin.
We could create some templates with absolute paths to binaries for each
distro (deb-based, rhel-based) and auto-detect them.



On Tue, May 14, 2013 at 3:36 PM, Victor Lowther victor.lowt...@gmail.com wrote:

 Err, sounds like a lot of work to make the code more fragile.  If you want
 to be paranoid about launching the right command, do it by sanity-checking
 $PATH, not by hardcoding the path of all the executables you call.


 On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev 
 spugac...@griddynamics.com wrote:

 Hi,
 I've added a blueprint
 https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
 Please, take a look and let's discuss it if it makes sense.
 Thank you
 Stas.





___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
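
The $PATH sanity check suggested in the thread could look like the following. This is an added example, not code from the thread or from OpenStack; the function names `audit_path`, `sanitized_path` and `resolve`, and the trust rule (directory owned by root and not group- or world-writable), are assumptions.

```python
import os
import stat

def audit_path(path_value, trusted_uids=(0,)):
    """Return (entry, reason) pairs for PATH entries that should not be trusted."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):
            # "" and "." style entries resolve against the current directory.
            findings.append((entry, "empty or relative entry"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            findings.append((entry, "missing directory"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
        elif st.st_uid not in trusted_uids:
            findings.append((entry, "owner is not trusted"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group- or world-writable"))
    return findings

def sanitized_path(path_value, trusted_uids=(0,)):
    """Drop every flagged entry, keeping the order of the rest."""
    bad = {entry for entry, _ in audit_path(path_value, trusted_uids)}
    return os.pathsep.join(e for e in path_value.split(os.pathsep) if e not in bad)

def resolve(command, path_value):
    """First executable match in PATH order, mirroring the left-to-right lookup."""
    for entry in path_value.split(os.pathsep):
        candidate = os.path.join(entry, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None

if __name__ == "__main__":
    current = os.environ.get("PATH", "")
    for entry, reason in audit_path(current):
        print("untrusted PATH entry %r: %s" % (entry, reason))
    # Show which file a command would run once flagged entries are dropped.
    print("ip resolves to:", resolve("ip", sanitized_path(current)))
```

The check looks at each PATH directory itself, not at its parent directories or at the permissions of the binaries inside it.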


[Openstack] Absolute limits is quotas?

2013-04-17 Thread Vasiliy Khomenko
Hi all.

Official documentation says: "The name of the absolute limit uniquely
identifies the limit within a deployment.", but my experiments show that
limits take effect only within tenants, as quotas do.

What I do:
I start an instance in the demo tenant and see:
$ nova absolute-limits
+-----------------+-------+
| Name            | Value |
+-----------------+-------+
...
| maxTotalCores   | 20    |
...
| totalCoresUsed  | 2     |

I suppose in the alt_demo tenant I can see the value decreased by 2, but
there is no change.

Can anybody explain what absolute-limits is and how it differs from quotas?
Thank you.