Comment 0 for bug 823000

Revision history for this message
Joe Gordon (jogo) wrote : nova-compute doesn't follow principle of least privilege; root SQL password in nova.conf

Although the nova.conf file's premissions are restricted to 640, giving every compute server the MySQL root password, as according to the cactus documentation, does not follow the principle of least privilege.

Documents that refer to root MySQL password on compute servers:
http://docs.openstack.org/cactus/openstack-compute/admin/content/configuring-multiple-compute-nodes.html
http://docs.openstack.org/cactus/openstack-compute/admin/content/setting-flags-in-nova-conf-file.html

If an attacker succsesfully exploits a flaw in the hypervisor (as have been found in KVM and XEN in the past), the attacker can easily tamper with the MySQL database, wreaking havoc on the OpenStack Cloud.

An attack on the hypervisor should be limited in scope to indivual compute servers.