[oslo][security] Are config files vetted for ownership/permissions?
openstack at fried.cc
Fri Oct 18 22:18:25 UTC 2019
When $service loads up a config file like /etc/nova/nova.conf via
oslo.config, is there anything that makes sure the dir and/or file are
owned by the process user/group and have appropriate permissions? E.g.
to prevent $hacker from modifying/replacing config opts and making
$service do horrible things to my system/cloud. (I'm less concerned with
$hacker seeing passwords etc., though I expect we would be accounting
for both or neither.)
More information about the openstack-discuss