<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><br></div><div>What attack does hardcoding a path to a specific executable protect against?</div><div><br></div><div>On the downside, It makes the code far less portable, harder to maintain, and less flexible in the face of alternative directory structures and system configurations.</div><div><br></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Stanislav Pugachev <<a href="mailto:spugachev@griddynamics.com">spugachev@griddynamics.com</a>><br><span style="font-weight:bold">Date: </span> Tuesday, May 14, 2013 12:20 PM<br><span style="font-weight:bold">To: </span> Wyllys Ingersoll <<a href="mailto:wyllys.ingersoll@evault.com">wyllys.ingersoll@evault.com</a>><br><span style="font-weight:bold">Cc: </span> "Kevin L. Mitchell" <<a href="mailto:kevin.mitchell@rackspace.com">kevin.mitchell@rackspace.com</a>>, "<a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>" <<a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>><br><span style="font-weight:bold">Subject: </span> Re: [Openstack] security blueprint related to os binaries<br></div><div><br></div><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div><div dir="ltr">from the security point of view its not so bad practice</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 14, 2013 at 6:57 PM, Wyllys Ingersoll <span dir="ltr">
<<a href="mailto:Wyllys.Ingersoll@evault.com" target="_blank">Wyllys.Ingersoll@evault.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Agree. Hardcoding full pathnames is a bad practice in general.<br><br><br>
On 5/14/13 11:50 AM, "Kevin L. Mitchell" <<a href="mailto:kevin.mitchell@rackspace.com">kevin.mitchell@rackspace.com</a>><br>
wrote:<br><div class="HOEnZb"><div class="h5"><br>
>On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:<br>
>> Attacker can put binary in /usr/local/bin for example. on ubuntu that<br>
>> path located before /usr/bin.<br>
><br>
>If the attacker has write access to /usr/local/bin, it's already game<br>
>over; I don't see what we can do to nova that can mitigate something<br>
>that disastrous.<br>
><br>
>--<br>
>Kevin L. Mitchell <<a href="mailto:kevin.mitchell@rackspace.com">kevin.mitchell@rackspace.com</a>><br>
><br>
><br>
>_______________________________________________<br>
>Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
>Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br><br><br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br></div></div></blockquote></div><br></div></div></div></span></body></html>