Comment 6 for bug 1700501

Michael Still (mikal) wrote : Re: [Bug 1700501] Re: Insecure rootwrap usage

Well, there is proposed code up to start moving to privsep, but it's not
a priority right now...

Michael

On 28 Jun. 2017 8:41 pm, "Sean Dague" <email address hidden> wrote:

> This is too vague to be actionable. There is one example, and it's not
> clear where in the system the concern is. And the kinds of changes to
> make this be as restricted as one would like really don't lead well to a
> bug, but would require a more systematic push to really embrace
> something like privsep.
>
> In general, the use of root wrap on nova-compute is honestly pointless
> in my pov. Besides chmod, cat, dd and a few others are running more or
> less unrestricted. It just doesn't make for a useful security model.
>
> ** Changed in: nova
> Status: New => Incomplete