[nova] Privsep is not giving us any security
thierry at openstack.org
Wed Apr 3 16:20:44 UTC 2019
Ben Nemec wrote:
>>> It would be good to describe the antipattern and how to write "good"
>>> privsep functions though, if only to be able to point developers and
>>> reviewers to that. Suggestions on where we could do that?
>> Agree with this for sure. I understand the rootwrap->privsep thing well
>> enough to review the existing series, but will need help understanding
>> how (3) will need to look.
>> Long-term, the document should obviously live somewhere
>> non-project-specific, and I don't know where that would be.
>> Short(er)-term, since we have momentum on the issue in Nova, as well as
>> a clear picture of all the places it needs to be applied (thanks to
>> (2)/[A]), how about we include it in a Nova spec, since we're going to
>> need one anyway?
> Wouldn't we put privsep best practices in the privsep docs? Currently
> the usage docs just link to Michael's blog posts about implementing
> privsep, but that seems like the logical place to keep the guidelines
> for writing good privileged functions.
Makes sense. I'll try to describe the antipattern, unless someone beats
me to it.
Thierry Carrez (ttx)
More information about the openstack-discuss