[nova] Privsep is not giving us any security
Thierry Carrez
thierry at openstack.org
Thu Apr 4 13:41:03 UTC 2019
Thierry Carrez wrote:
> Ben Nemec wrote:
>>> [...]
>>>> It would be good to describe the antipattern and how to write "good"
>>>> privsep functions though, if only to be able to point developers and
>>>> reviewers to that. Suggestions on where we could do that?
>>> Agree with this for sure. I understand the rootwrap->privsep thing well
>>> enough to review the existing series, but will need help understanding
>>> how (3) will need to look.
>>>
>>> Long-term, the document should obviously live somewhere
>>> non-project-specific, and I don't know where that would be.
>>> Short(er)-term, since we have momentum on the issue in Nova, as well as
>>> a clear picture of all the places it needs to be applied (thanks to
>>> (2)/[A]), how about we include it in a Nova spec, since we're going to
>>> need one anyway?
>>
>> Wouldn't we put privsep best practices in the privsep docs? Currently
>> the usage docs[0] just link to Michael's blog posts about implementing
>> privsep, but that seems like the logical place to keep the guidelines
>> for writing good privileged functions.
>
> Makes sense. I'll try to describe the antipattern, unless someone beats
> me to it.
A start at:
https://review.openstack.org/649997
--
Thierry Carrez (ttx)