Comment 1 for bug 2021966

Jeremy Stanley (fungi) wrote :

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.

I'm pretty sure this will end up being a security hardening opportunity, since it was a primary driver for the ongoing effort to replace rootwrap use with privsep, but also because at present there are similar known risks with the existing privsep rules (see bug 1989008 for details). Nevertheless, I'll wait for the Nova security reviewers to confirm before switching this report to public.

Also, you say "up to Stein" but the oldest OpenStack version still under normal maintenance is Xena. If it doesn't affect stable/xena or newer branches, we aren't going to issue a security advisory since there will be no new point releases containing the fix anyway.