[Openstack] security blueprint related to os binaries

Wyllys Ingersoll Wyllys.Ingersoll at evault.com
Tue May 14 16:24:38 UTC 2013


What attack does hardcoding a path to a specific executable protect against?

On the downside, it makes the code far less portable, harder to maintain, and less flexible in the face of alternative directory structures and system configurations.


From: Stanislav Pugachev <spugachev at griddynamics.com>
Date: Tuesday, May 14, 2013 12:20 PM
To: Wyllys Ingersoll <wyllys.ingersoll at evault.com>
Cc: "Kevin L. Mitchell" <kevin.mitchell at rackspace.com>, "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>
Subject: Re: [Openstack] security blueprint related to os binaries

From the security point of view it's not such a bad practice.


On Tue, May 14, 2013 at 6:57 PM, Wyllys Ingersoll <Wyllys.Ingersoll at evault.com> wrote:
Agree.  Hardcoding full pathnames is a bad practice in general.


On 5/14/13 11:50 AM, "Kevin L. Mitchell" <kevin.mitchell at rackspace.com> wrote:

>On Tue, 2013-05-14 at 18:38 +0300, Vasiliy Khomenko wrote:
>> An attacker can put a binary in /usr/local/bin, for example. On Ubuntu that
>> path is located before /usr/bin.
>
>If the attacker has write access to /usr/local/bin, it's already game
>over; I don't see what we can do to nova that can mitigate something
>that disastrous.
>
>--
>Kevin L. Mitchell <kevin.mitchell at rackspace.com>
>
>
>_______________________________________________
>Mailing list: https://launchpad.net/~openstack
>Post to     : openstack at lists.launchpad.net
>Unsubscribe : https://launchpad.net/~openstack
>More help   : https://help.launchpad.net/ListHelp
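
Added example, not part of the original thread or of nova's code: a small audit of the search-order question debated above, showing which copy of a command a bare-name PATH lookup resolves to, whether it differs from the copy in the directory you trust, and which earlier PATH directories are group- or world-writable. The function names, the placeholder command name `ip`, and the temporary directories standing in for /usr/local/bin and /usr/bin are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def matches_in_order(command, path):
    """Every executable named `command`, in the order a PATH lookup tries them."""
    hits = []
    for d in path.split(os.pathsep):
        candidate = os.path.join(d or os.curdir, command)  # empty entry = cwd
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            hits.append(candidate)
    return hits

def audit(command, path, trusted_dir):
    """Compare what a bare-name lookup runs with the copy in trusted_dir."""
    hits = matches_in_order(command, path)
    expected = os.path.join(trusted_dir, command)
    earlier = []
    for d in path.split(os.pathsep):
        if d == trusted_dir:
            break
        earlier.append(d or os.curdir)
    # Directories searched before the trusted one that group/other can write
    # to: a file placed there wins the lookup over the trusted copy.
    writable = [d for d in earlier if os.path.isdir(d)
                and os.stat(d).st_mode & (stat.S_IWGRP | stat.S_IWOTH)]
    return {"resolved": hits[0] if hits else None,
            "shadowed": bool(hits) and hits[0] != expected,
            "writable_before_trusted": writable}

def demo():
    """Constructed layout standing in for /usr/local/bin ahead of /usr/bin."""
    root = tempfile.mkdtemp()
    local_bin = os.path.join(root, "local_bin")
    usr_bin = os.path.join(root, "usr_bin")
    for d, mode in ((local_bin, 0o777), (usr_bin, 0o755)):
        os.mkdir(d)
        os.chmod(d, mode)  # set explicitly so the umask does not matter
        tool = os.path.join(d, "ip")  # placeholder command name (assumption)
        with open(tool, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(tool, 0o755)
    path = os.pathsep.join([local_bin, usr_bin])
    return local_bin, usr_bin, audit("ip", path, usr_bin)

if __name__ == "__main__":
    print(demo()[2])
```

On a real host, call `audit()` with `os.environ["PATH"]` as seen by the service account and the directory the distribution installs the binary into.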

