Comment 0 for bug 823000
Revision history for this message
| Joe Gordon (jogo) wrote nova-compute doesn't follow principle of least privilege; root SQL password in nova.conf | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Although the nova.conf file's premissions are restricted to 640, giving every compute server the MySQL root password, as according to the cactus documentation, does not follow the principle of least privilege.
Documents that refer to root MySQL password on compute servers:
http://
http://
If an attacker succsesfully exploits a flaw in the hypervisor (as have been found in KVM and XEN in the past), the attacker can easily tamper with the MySQL database, wreaking havoc on the OpenStack Cloud.
An attack on the hypervisor should be limited in scope to indivual compute servers.