[Openstack-security] Preferred os for rapid security patches of openstack

kesten broughton kesten.broughton at gmail.com
Sun Jun 1 18:01:43 UTC 2014


Is there any difference in the rate at which security patches get applied
between OSes? In particular, I'm trying to compare CentOS 6.5 vs Ubuntu
14.04.

What is the process through which security-only patches get passed on to
production deployments of OpenStack?

Is there a difference in the amount of coverage testing for security
services between OSes?

kesten


On Sun, Jun 1, 2014 at 7:00 AM, <
openstack-security-request at lists.openstack.org> wrote:

> Today's Topics:
>
>    1. [Bug 1260679] Re: Multiple drivers set insecure file permissions (Nathan Kinder)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 31 May 2014 15:39:21 -0000
> From: Nathan Kinder <nkinder at redhat.com>
> To: openstack-security at lists.openstack.org
> Subject: [Openstack-security] [Bug 1260679] Re: Multiple drivers set
>         insecure file permissions
> Message-ID:
>         <20140531153922.20634.22748.malone at chaenomeles.canonical.com>
> Content-Type: text/plain; charset="utf-8"
>
> Published as OSSN-0014 on the wiki and the openstack and openstack-dev
> mailing lists:
>
> https://wiki.openstack.org/wiki/OSSN/OSSN-0014
>
> ** Changed in: ossn
>        Status: In Progress => Fix Released
>
> --
> You received this bug notification because you are a member of OpenStack
> Security Group, which is subscribed to OpenStack.
> https://bugs.launchpad.net/bugs/1260679
>
> Title:
>   Multiple drivers set insecure file permissions
>
> Status in Cinder:
>   In Progress
> Status in OpenStack Security Notes:
>   Fix Released
>
> Bug description:
>   GPFS from various places calls "chmod 666" as root:
>
>   ./cinder/volume/drivers/gpfs.py:        self._execute('chmod', '666', path, run_as_root=True)
>   ./cinder/volume/drivers/gpfs.py:            self._execute('chmod', '666', vol_path, run_as_root=True)
>
>   the Huawei driver sets 777 permissions as root on some files:
>
>   ./cinder/volume/drivers/huawei/ssh_common.py: utils.execute('chmod', '777', filepath, run_as_root=True)
>   ./cinder/volume/drivers/huawei/rest_common.py: utils.execute('chmod', '777', filepath, run_as_root=True)
>
>   the Scality driver sets 666 permissions on all volumes:
>
>   cinder/volume/drivers/scality.py:
>
>       def _create_file(self, path, size):
>           with open(path, "ab") as f:
>               f.truncate(size)
>           os.chmod(path, 0o666)
>
>   Similarly, the NFS and NEXENTA driver have an implementation of
>
>   def _set_rw_permissions_for_all()
>
>   that is being called on all newly created volumes.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cinder/+bug/1260679/+subscriptions
>
>
>
>
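
The pattern listed in the quoted bug description (chmod calls that grant write access to every user) can be found mechanically in driver source. The following is an added example, not part of the original message or of the Cinder code base: it parses Python source and reports chmod calls whose literal mode sets the world-writable bit. The helper names `_mode_of` and `find_world_writable_chmods`, and the wrapper function names inside the sample, are hypothetical.

```python
import ast
import stat

# Constructed sample modelled on the calls quoted in the bug description,
# plus one call with a tighter mode for contrast. Function names are made up.
SAMPLE = '''
def _create_file(self, path, size):
    with open(path, "ab") as f:
        f.truncate(size)
    os.chmod(path, 0o666)

def gpfs_set_perms(self, path):
    self._execute('chmod', '666', path, run_as_root=True)

def huawei_set_perms(filepath):
    utils.execute('chmod', '777', filepath, run_as_root=True)

def tightened(path):
    os.chmod(path, 0o660)
'''

def _mode_of(call):
    """Return the permission bits a call sets, or None if not a chmod."""
    func = call.func
    name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
    args = call.args
    # os.chmod(path, 0o666): mode is an integer literal in position 1.
    if name == "chmod" and len(args) >= 2 and isinstance(args[1], ast.Constant):
        if isinstance(args[1].value, int):
            return args[1].value
    # execute('chmod', '666', path): mode is an octal string after 'chmod'.
    if len(args) >= 2 and all(isinstance(a, ast.Constant) for a in args[:2]):
        if args[0].value == "chmod" and isinstance(args[1].value, str):
            try:
                return int(args[1].value, 8)
            except ValueError:
                return None  # symbolic mode such as 'u+x'; not handled here
    return None

def find_world_writable_chmods(source):
    """Return sorted (line, octal mode) pairs for chmod calls setting o+w."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            mode = _mode_of(node)
            if mode is not None and mode & stat.S_IWOTH:
                hits.append((node.lineno, oct(mode)))
    return sorted(hits)
```

Calling `find_world_writable_chmods(SAMPLE)` flags the three 666/777 calls and skips the 0o660 one. Modes passed through variables or helper functions such as `_set_rw_permissions_for_all()` are not literals and need a manual look.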