Quick notes:

* should use /run instead of /var/run
* while it's nice to have the sudoers split, the sudoers fragment is wildly permissive ("chown" as root is trivial to exploit). I would recommend specific helper scripts that validate the logic of the requested dangerous commands (see the similar stuff in euca).

This is a rather large chunk of Python daemons. I think a much more complete security audit should be done, but that's not something I have time for at the moment. On the up side, the code looks generally well designed, though not really made to resist malicious admin use.

Given the scope of its intended use, I think it would be wise to keep this out of main until it can really be more heavily audited. Trying to map the dispatch actions to the possible code paths would probably take some effort, and I'm worried that some of the web objects might have unexpected exposed functions. Though perhaps I'm just not familiar enough with the WSGI code.

** Changed in: nova (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

https://bugs.launchpad.net/bugs/801501

Title:
  [MIR] nova
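
The helper-script approach recommended in the comment above, as an added example (not code from nova or from this bug report): a wrapper that a sudoers entry could allow in place of bare chown, which validates the owner and the path before running the command. The base directory, the owner name and the function names are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Hypothetical sudo helper: validate a chown request before running it as root."""
import os
import sys

# Assumptions for illustration only; not taken from nova's packaging.
ALLOWED_BASE = "/var/lib/nova/instances"
ALLOWED_OWNERS = {"nova"}


def validate_chown(owner, path, base=ALLOWED_BASE, owners=ALLOWED_OWNERS):
    """Return the resolved path if the request is acceptable, else raise ValueError."""
    if owner not in owners:
        raise ValueError("owner not permitted: %r" % owner)
    if not os.path.isabs(path):
        raise ValueError("path must be absolute: %r" % path)
    if os.path.islink(path):
        raise ValueError("refusing to chown a symlink: %r" % path)
    # Resolve symlinks and ".." so the check applies to the real target.
    real_base = os.path.realpath(base)
    real_path = os.path.realpath(path)
    inside = os.path.commonpath([real_base, real_path]) == real_base
    if not inside or real_path == real_base:
        raise ValueError("path outside allowed tree: %r" % path)
    return real_path


def main(argv):
    if len(argv) != 3:
        sys.stderr.write("usage: %s OWNER PATH\n" % argv[0])
        return 2
    try:
        target = validate_chown(argv[1], argv[2])
    except ValueError as exc:
        sys.stderr.write("rejected: %s\n" % exc)
        return 1
    # Fixed argv and no shell; -h so a symlink swapped in after the check
    # is not followed, and -- so the path cannot be parsed as an option.
    os.execv("/bin/chown", ["/bin/chown", "-h", "--", argv[1], target])


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A race between the check and the chown remains if the calling user can rename directories above the target, so the allowed tree should have root-owned parent directories.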