[Openstack] security blueprint related to os binaries
Vasiliy Khomenko
vkhomenko at griddynamics.com
Tue May 14 15:38:28 UTC 2013
Attacker can put binary in /usr/local/bin for example. on ubuntu that path
located before /usr/bin.
We could create some templates with absolute paths to binaries for each
distro (deb-based, rhel-based) and auto-detect them.
On Tue, May 14, 2013 at 3:36 PM, Victor Lowther <victor.lowther at gmail.com>wrote:
> Err, sounds like a lot of work to make the code more fragile. If you want
> to be paranoid about launching the right command, do it by sanity-checking
> $PATH, not by hardcoding the path of all the executables you call.
>
>
> On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev <
> spugachev at griddynamics.com> wrote:
>
>> Hi,
>> I've added a blueprint
>> https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries
>> Please, take a look and let's discuss it if it makes sense.
>> Thank you
>> Stas.
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130514/f71e5d19/attachment.html>
More information about the Openstack
mailing list