[nova] Privsep is not giving us any security

Thierry Carrez thierry at openstack.org
Thu Apr 4 13:41:03 UTC 2019


Thierry Carrez wrote:
> Ben Nemec wrote:
>>> [...]
>>>> It would be good to describe the antipattern and how to write "good"
>>>> privsep functions though, if only to be able to point developers and
>>>> reviewers to that. Suggestions on where we could do that?
>>> Agree with this for sure. I understand the rootwrap->privsep thing well
>>> enough to review the existing series, but will need help understanding
>>> how (3) will need to look.
>>>
>>> Long-term, the document should obviously live somewhere
>>> non-project-specific, and I don't know where that would be.
>>> Short(er)-term, since we have momentum on the issue in Nova, as well as
>>> a clear picture of all the places it needs to be applied (thanks to
>>> (2)/[A]), how about we include it in a Nova spec, since we're going to
>>> need one anyway?
>>
>> Wouldn't we put privsep best practices in the privsep docs? Currently 
>> the usage docs[0] just link to Michael's blog posts about implementing 
>> privsep, but that seems like the logical place to keep the guidelines 
>> for writing good privileged functions.
> 
> Makes sense. I'll try to describe the antipattern, unless someone beats 
> me to it.

A start at:
https://review.openstack.org/649997

-- 
Thierry Carrez (ttx)


