[openstack-dev] [TripleO] improved privilege escalation in py-scripts

Cédric Jeanneret cjeanner at redhat.com
Wed Jul 4 05:51:45 UTC 2018

Dear all,

In order to improve the overall security in TripleO, we're currently
creating a couple of specs, aiming Stein version.

The first one concerns calls to "sudo" from shell scripts and the like:

The second one concerns privilege escalation inside python scripts:

The short version is "get rid of the NOPASSWD:ALL" scattering the
sudoers for a couple of users.

Both are still Work In Progress, and need a ton of reviews and
discussions in order to get a clear consensus from the community.

Thank you for your time and feedback.



Cédric Jeanneret
Software Engineer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180704/4855e168/attachment.sig>

More information about the OpenStack-dev mailing list