[openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

Robert Collins robertc at robertcollins.net
Thu Jul 25 22:39:13 UTC 2013


On 26 July 2013 10:19, Thierry Carrez <thierry at openstack.org> wrote:
> Chris Jones wrote:
>> I agree with your analysis of the effects of the sudoers file and I
>> think it makes a great argument for recommending people run the main
>> command itself with sudo, rather than a blanket passwordless sudo, but
>> really all we need to say is "this tool needs to be run as root" and let
>> people make their own decision :)
>
> Ideally the tool would detect if it's run with root privileges and
> prompt for password if it's not. That way you have two options:
> - run sudo TOOL (convenient, can run unattended)
> - run TOOL and get prompted (less convenient, slightly more secure)
>
> If the tool is run by a real user I don't think it's worth going through
> the pain of using rootwrap, although it could be used to implement
> smarter privilege escalation rules (like the PathFilter that looks into
> canonical paths and is therefore not vulnerable to linking attacks).

Many such tools are still vulnerable to race conditions. The only ones
I'm aware of that are not are AppArmor and SELinux :).

-Rob


-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services
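
The race condition mentioned in this message, as an added example that is not part of the original post or of rootwrap: a canonical-path check passes, the name is swapped before it is opened, and the open lands outside the allowed directory, while opening through a directory file descriptor with O_NOFOLLOW and then working on the descriptor removes that window for the final path component. All function names, file names and the temporary directory are constructed for illustration; POSIX only.

```python
import os
import tempfile
from pathlib import Path

def check_then_use(path, allowed_root, race=None):
    # Racy: the name is resolved once for the check and again for the open.
    real = os.path.realpath(path)  # canonical-path check, path-filter style
    if os.path.commonpath([real, allowed_root]) != allowed_root:
        raise PermissionError(path)
    if race:
        race()  # constructed stand-in for another process acting in the window
    with open(path) as f:
        return f.read()

def open_then_use(name, allowed_root, race=None):
    # Resolve once: open relative to a directory fd, refusing a symlink as the final component.
    root_fd = os.open(allowed_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=root_fd)
    finally:
        os.close(root_fd)
    if race:
        race()  # swapping the name now cannot change what fd refers to
    with os.fdopen(fd) as f:
        return f.read()

def demo():
    base = os.path.realpath(tempfile.mkdtemp())  # constructed sandbox
    allowed = os.path.join(base, "allowed")
    os.mkdir(allowed)
    outside = os.path.join(base, "outside.txt")
    target = os.path.join(allowed, "image.conf")
    Path(outside).write_text("outside")
    def swap():  # replace the checked file with a symlink leaving allowed/
        os.remove(target)
        os.symlink(outside, target)
    Path(target).write_text("inside")
    racy = check_then_use(target, allowed, race=swap)
    os.remove(target)  # drop the symlink before recreating the regular file
    Path(target).write_text("inside")
    safe = open_then_use("image.conf", allowed, race=swap)
    try:  # target is a symlink again at this point
        open_then_use("image.conf", allowed)
        refused = False
    except OSError:
        refused = True
    return racy, safe, refused
```

`demo()` returns what the racy path read, what the descriptor-based path read, and whether a symlink already in place at open time was refused.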


