[Openstack] security blueprint related to os binaries
Mac Innes, Kiall
kiall at hp.com
Tue May 14 14:25:34 UTC 2013
On 14/05/13 12:02, Stanislav Pugachev wrote:
Hi,
I've added a blueprint https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
Please, take a look and let's discuss it if it makes sense.
Thank you
Stas.
Am I correct in thinking that, if the attacker is able to modify $PATH in the environment under which nova etc runs, you've already lost?
I would argue this is at worst a packaging bug, assuming packagers are not explicitly defining the $PATH variable as part of the init scripts.
P.S. the openstack-dev mailing list is generally where blueprint discussion happens :)
Thanks,
Kiall
More information about the Openstack
mailing list