[nova] Privsep is not giving us any security

Thierry Carrez thierry at openstack.org
Wed Apr 3 16:20:44 UTC 2019

Ben Nemec wrote:
>> [...]
>>> It would be good to describe the antipattern and how to write "good"
>>> privsep functions though, if only to be able to point developers and
>>> reviewers to that. Suggestions on where we could do that?
>> Agree with this for sure. I understand the rootwrap->privsep thing well
>> enough to review the existing series, but will need help understanding
>> how (3) will need to look.
>> Long-term, the document should obviously live somewhere
>> non-project-specific, and I don't know where that would be.
>> Short(er)-term, since we have momentum on the issue in Nova, as well as
>> a clear picture of all the places it needs to be applied (thanks to
>> (2)/[A]), how about we include it in a Nova spec, since we're going to
>> need one anyway?
> Wouldn't we put privsep best practices in the privsep docs? Currently 
> the usage docs[0] just link to Michael's blog posts about implementing 
> privsep, but that seems like the logical place to keep the guidelines 
> for writing good privileged functions.

Makes sense. I'll try to describe the antipattern, unless someone beats 
me to it.

Thierry Carrez (ttx)

More information about the openstack-discuss mailing list