[Openstack] password in clear text

Tim Bell Tim.Bell at cern.ch
Wed Mar 23 18:53:38 UTC 2016


On 23/03/16 18:41, "Clint Byrum" <clint at fewbar.com> wrote:

>Excerpts from Tim Bell's message of 2016-03-23 09:17:20 -0700:
>> 
>> The difficulty with the environment variables is that the administrator of the box you are logged into can read the environment using ps auxwwww.
>> 
>> There has been some work done to support storing all the variables in a file (which would be an environment variable) such that the CLIs read from the file rather than needing it in the environment. This at least minimises the access to the home directory file servers rather than the root admin on the box you are using.
>> 
>
>This does no such thing. The admin can read every single byte of RAM
>in your process space, trace your library calls, and impersonate you to
>get the same filesystem access. You have to trust the admins of systems
>you are making client calls from. There is _no_ way around that. This is
>one reason to want REST API's, so you can have an end-to-end encrypted
>conversation with the REST API from the device you are certain is secure,
>over a network and through systems you are not certain is secure.

Giving someone access to a Kerberos key valid for 24 hours based on their ability to read every byte of my internal process space is very different from someone trivially running ps auxwww to get the list of people and their passwords, which are generally valid for months.

While there is no guaranteed way round it, we should not make it so easy and for so long.

Tim

>
>_______________________________________________
>Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>Post to     : openstack at lists.openstack.org
>Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
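The exposure the two messages above are arguing about, as an added shell example that is not part of the thread or of any OpenStack tool: a credential placed in a process's environment can be pulled straight out of /proc/<pid>/environ by anyone allowed to read that file (the process owner, and root), while a credential that a client reads at startup from a mode-0600 file never appears there. It assumes Linux with /proc mounted and the coreutils; the password value, the credential file and the `sh -c ... exec sleep` stand-in for a CLI process are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Demonstrates why a secret in
# the environment is cheap to harvest, and what moving it to a 0600 file buys.
# Assumes Linux (/proc) and POSIX sh + coreutils. All secrets here are fake.

# Poll until the child has exec'd the program we expect (so /proc/<pid>/environ
# reflects the child's own environment, not the pre-exec copy of ours).
wait_for_exec() {
    pid="$1"; name="$2"; i=0
    until [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$name" ] || [ "$i" -ge 5 ]; do
        sleep 1; i=$((i + 1))
    done
}

# Start a long-running child with OS_PASSWORD in its environment and return
# whatever /proc exposes for that key. This is the "ps auxwwwe" case.
leaked_env_password() {
    secret="$1"
    OS_PASSWORD="$secret" sleep 30 &
    pid=$!
    wait_for_exec "$pid" sleep
    # environ is NUL-separated; turn it into lines and strip the key name.
    leaked=$(tr '\0' '\n' < "/proc/$pid/environ" | sed -n 's/^OS_PASSWORD=//p')
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    printf '%s' "$leaked"
}

# Same secret, but delivered via a file readable only by the owner. A stand-in
# "client" reads it into a non-exported shell variable and then keeps running.
# Returns how many environment entries of that child contain the secret.
leaked_file_password() {
    secret="$1"
    credfile=$(mktemp)
    chmod 600 "$credfile"                       # owner (and root) only
    printf 'OS_PASSWORD=%s\n' "$secret" > "$credfile"
    # Hypothetical client: parse KEY=VALUE, keep VALUE in memory, never export it.
    sh -c 'IFS== read -r key value < "$1"; exec sleep 30' _ "$credfile" &
    pid=$!
    wait_for_exec "$pid" sleep
    count=$(tr '\0' '\n' < "/proc/$pid/environ" | grep -c -- "$secret" || true)
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -f "$credfile"
    printf '%s' "$count"
}

# Stand-alone usage: the first call prints the password back, the second prints 0.
if [ "${1:-}" = "demo" ]; then
    leaked_env_password 'Constructed-Passw0rd'; echo
    leaked_file_password 'Constructed-Passw0rd'; echo
fi
```

What the file-based variant changes is only who can read the secret without effort: the /proc environ of another user's process is not readable by ordinary users, but the box's root can read that file, and, as the reply in the thread says, can also read /proc/<pid>/mem of the client that loaded the credential from the file, so the file moves the secret out of casual reach rather than out of root's reach. That residual root exposure is why the lifetime of what is exposed (a Kerberos ticket measured in hours versus a password valid for months) is the point at issue.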
