Hello Everyone!

Can you think of a security anti-pattern? Share them and help make OpenStack more secure. Below is an excerpt from the wiki under development -- https://wiki.openstack.org/wiki/Security/OpenStack_Security_Impact_Checks

OpenStack security is getting greater scrutiny as adoption increases. At the Icehouse summit during an OSSG design session we floated the idea of incorporating automated tests to capture some security anti-patterns. For instance, consider the cinder file permissions bug <https://bugs.launchpad.net/cinder/+bug/1260679>; the extent of the bug, namely affected drivers, was determined with a grep, a check for "chmod" with promiscuous file settings for group and world. It transpired that several of the drivers were setting volume file permissions to 777 and 666!

Yet another test possible is checking for shell command executions as root. Occasionally these cannot be avoided, but alerting to these helps the developer re-think the code and at the very least justify its need.

Hope to hear from you!

Malini
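One way to automate the two checks described above, as an added example that is not part of the original post or the OpenStack wiki: a small Python AST scan for chmod calls whose literal mode is group- or world-writable, and for calls passing run_as_root=True (that keyword name is assumed here as the project's convention for escalating a shell command). The sample driver source it scans is constructed, not real cinder code.

```python
import ast
import stat

# Group- or world-writable bits: 0o666 and 0o777 both trip this mask.
PROMISCUOUS = stat.S_IWGRP | stat.S_IWOTH


def _callee(node):
    """Dotted name of a Call node's callee, e.g. 'os.chmod' or 'utils.execute'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def find_anti_patterns(source):
    """Return a list of (lineno, message) findings for a Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        # Anti-pattern 1: chmod with a literal mode that is group/world writable.
        if name.endswith("chmod") and len(node.args) >= 2:
            mode = node.args[1]
            if isinstance(mode, ast.Constant) and isinstance(mode.value, int) and mode.value & PROMISCUOUS:
                findings.append((node.lineno, "chmod %s is group/world writable" % oct(mode.value)))
        # Anti-pattern 2: a command executed as root. run_as_root=True is assumed
        # here as the keyword the project uses to escalate a shell command.
        for kw in node.keywords:
            if kw.arg == "run_as_root" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                findings.append((node.lineno, "%s runs a command as root" % name))
    return findings


# Constructed sample mimicking a volume driver; not real cinder code.
SAMPLE = """\
import os
os.chmod(path, 0o777)
os.chmod(path, 0o644)
utils.execute('dd', 'if=/dev/zero', run_as_root=True)
utils.execute('ls', run_as_root=False)
"""

if __name__ == "__main__":
    for lineno, msg in find_anti_patterns(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```

Run against a tree of driver files, this flags the 777/666 chmod calls and every root-escalated command so each one can be justified in review.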