[openstack-dev] creating a default for oslo config variables within a project?
Clint Byrum
clint at fewbar.com
Thu Dec 5 17:15:48 UTC 2013
Excerpts from Julien Danjou's message of 2013-12-05 01:22:00 -0800:
> On Wed, Dec 04 2013, Sean Dague wrote:
>
> > Honestly, I'd love us to be clever and figure out a not dangerous way
> > through this, even if unwise (where we can yell at the user in the LOGs
> > loudly, and fail them in J if lock_dir=/tmp) that lets us progress
> > through this while gracefully bringing configs into line.
>
> Correct me if I'm wrong, but I think the correct way to deal with that
> security problem is to use an atomic operation using open(2) with:
> open(pathname, O_CREAT | O_EXCL)
>
DOS by a malicious user creating it first is still trivial.
> or mkstemp(3).
>
Can't use mkstemp as the point is this needs to be something shared
between processes.
More information about the OpenStack-dev
mailing list