[Bug 801501] Re: [MIR] nova
Kees Cook
kees at ubuntu.com
Mon Sep 12 22:29:21 UTC 2011
Quick notes:
* should use /run instead of /var/run
* while it's nice to have the sudoers split, the sudoers fragment is wildly permissive ("chown" as root is trivial to exploit). I would recommend specific helper scripts that validate the logic of the requested dangerous commands (see the similar stuff in euca).
This is a rather large chunk of Python daemons. I think a much more
complete security audit should be done, but that's not something I have
time for at the moment. On the upside, the code looks generally well
designed, though not really made to resist malicious admin use. Given
the scope of its intended use, I think it would be wise to keep this out
of main until it can really be more heavily audited. Trying to map the
dispatch actions to the possible code paths would probably take some
effort, and I'm worried that some of the web objects might have
unexpected exposed functions. Though perhaps I'm just not familiar
enough with the WSGI code.
** Changed in: nova (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/801501
Title:
[MIR] nova
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/801501/+subscriptions
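Added example, not part of the original message and not code from nova or euca: a sketch of the kind of validating helper the message recommends in place of a blanket sudoers entry for "chown". The allowed directory, the "nova" account name and all function names are assumptions made for illustration.

```python
import os
import shutil
import sys


class Rejected(Exception):
    """Raised when a requested chown falls outside the policy."""


def validate_chown(owner, path, allowed_root, allowed_owners):
    """Return the resolved target if the request is within policy, else raise."""
    # Exact match against a fixed set of account names. This also rejects
    # "user:group" forms, numeric ids and option-like strings.
    if owner not in allowed_owners:
        raise Rejected("owner %r is not permitted" % (owner,))
    if not os.path.isabs(path):
        raise Rejected("path must be absolute")
    # Resolve symlinks and ".." before comparing, so a link placed inside
    # the allowed tree cannot redirect the chown to a file outside it.
    root = os.path.realpath(allowed_root)
    real = os.path.realpath(path)
    if real == root or os.path.commonpath([root, real]) != root:
        raise Rejected("%r does not resolve below %r" % (path, root))
    if not os.path.lexists(real):
        raise Rejected("%r does not exist" % (real,))
    return real


def is_allowed(owner, path, allowed_root, allowed_owners):
    """Boolean form of validate_chown, convenient for logging and tests."""
    try:
        validate_chown(owner, path, allowed_root, allowed_owners)
        return True
    except Rejected:
        return False


if __name__ == "__main__":
    # Hypothetical policy: sudoers would list only this script, never chown.
    ROOT = "/srv/example-instances"   # assumed directory, not a nova path
    OWNERS = {"nova"}                 # assumed service account name
    if len(sys.argv) != 3:
        sys.exit("usage: chown-helper OWNER PATH")
    try:
        target = validate_chown(sys.argv[1], sys.argv[2], ROOT, OWNERS)
    except Rejected as exc:
        sys.exit("rejected: %s" % exc)
    shutil.chown(target, user=sys.argv[1])
```

The check and the final chown are separate steps, so a production helper would also need to close the race between them, for example by operating on an already opened file descriptor.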