[openstack-dev] [OSSG] OpenStack Security Group Task List

文剑 wenjianhn at gmail.com
Wed Oct 24 03:35:36 UTC 2012


I implemented a blueprint last month which solves a security problem,
but haven't pushed the code yet.

https://blueprints.launchpad.net/nova/+spec/rysnc-without-ssh

Its description:

The disks are copied from source to destination via rsync over ssh during
resizing/migrating. It means that we will need a password-less ssh private
key setup among all compute nodes. It is a security problem in some
environments. This blueprint will use rsync itself (not over ssh) to
copy/delete the disks.


2012/10/24 Bryan D. Payne <bdpayne at acm.org>

> As the OpenStack Security Group (OSSG) begins to take shape, we are
> looking to identify what work needs to be done.  We have lots of
> things in our heads, but I know others have similar lists in their
> heads as well.  I'd like to start this thread to collect security
> related issues for any OpenStack core project.  These can be things
> with existing bug reports, or things that have just been sitting in
> your head without actually making it into a bug report yet.
>
> The idea is to have a list of problems where it would be useful for
> security people to help.  I'll start with the following to get us
> going.
>
> * Fix problems with clients using SSL (see slide 19 of
> http://www.bryanpayne.org/storage/ossg-oct2012.pdf)
> * Start a hardening guide
> * Work with swift team on Swift Message Authentication
> * Work with nova team on Nova RPC signing
> * Work with keystone team on new PKI tokens and related code
> * Work with oslo team on rootwrap code
> * Add a 'SecurityImpact' tag to mark pull requests as needing a review
> by someone in OSSG
>
> Please help us out by replying with your additions.
>
> Cheers,
> -bryan



-- 
Best,

Ivan