[Openstack] How do I stop image-create from using /tmp?
Thierry Carrez
thierry at openstack.org
Tue Jul 3 10:14:19 UTC 2012
Daniel P. Berrange wrote:
> On Mon, Jul 02, 2012 at 12:09:55PM -0700, Johannes Erdfelt wrote:
>>
>> It seems to me that we're just as likely to have a review slip through
>> that uses /tmp insecurely as a review slipping through that uses /tmp at
>> all.
With my Vulnerability Management team hat on, looking at the types of
vulnerabilities we actually let go through in our reviews, I would
disagree with that. Not all the core developers have the security
mindset built into them. And spotting usage of /tmp is always easier
than spotting insecure usage of /tmp.
> It is fairly common for apps to use /var/cache/<appname> or
> /var/lib/<appname>.
>
>> Since we can't trust developers to use /tmp securely, or avoid using
>> /tmp at all, then why not use filesystem namespaces to setup a process
>> specific non-shared /tmp?
>
> That is possible, but I simply disagree with your point that we
> can't stop using /tmp. It is entirely possible to stop using it
> IMHO.
+1. Always using application-specific, unshared temp space
(/var/cache/<appname>, /var/lib/<appname>/tmp...) is a good security
strengthening mechanism that should help us avoid /some/ vulnerabilities
in the future.
--
Thierry Carrez (ttx)
OpenStack Vulnerability Management team
More information about the Openstack
mailing list