Comment 2 for bug 1020603

Jamie Strandboge (jdstrand) wrote :

Security review:
This review proved to be fairly difficult due to several bugs in OpenStack on 12.10 and also in quantum. That said, Quantum implements NaaS (network as a service) which is meant to overcome the shortcomings of networking in Nova directly. Overview at: http://www.slideshare.net/danwent/openstack-quantum-intro-os-meetup-32612

"Quantum is focused on managing the connectivity between interfaces of other OpenStack services"

No CVE history, no dbus services, no setuid, no use of fscaps and no cron jobs. Plugins and quantum-server install initscripts. No listening services by default (quantum must be configured for your specific setup).

Quantum supports a rootwrapper like other parts of OpenStack; however, none of the agents are set up to use it. E.g., from /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini:
# Change to "sudo quantum-rootwrap" to limit commands that can be run
# as root.
root_helper = sudo

The rootwrap functionality looks sane and it is implemented in a similar fashion as nova-rootwrap.

Spot checking other parts of the code, they look ok, but quantum/openstack/common/setup.py bypasses subprocess.Popen's shell meta injection protections in its _run_shell_command() implementation, but this file shouldn't be run by an attacker and the arguments are mostly filtered (though they could be improved).
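
Added example, not part of the comment above and not Quantum's code: a sketch of the class of issue the review mentions for _run_shell_command(), showing a command string handed to a shell next to the argv-list form that keeps subprocess.Popen's protection. The function names, the use of /bin/sh -c and the sample value are assumptions made for illustration.

```python
import shlex
import subprocess


def run_via_shell(cmd):
    """Flagged pattern (hypothetical helper): the whole string is parsed by
    /bin/sh, so metacharacters inside any interpolated value are interpreted."""
    proc = subprocess.Popen(["/bin/sh", "-c", cmd], stdout=subprocess.PIPE)
    return proc.communicate()[0].decode().strip()


def run_argv(argv):
    """Hardened form: pass an argv list and no shell, so every element reaches
    the program as one literal argument."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE)
    return proc.communicate()[0].decode().strip()


def run_via_shell_quoted(program, *args):
    """Fallback when a shell is unavoidable: quote each argument first."""
    cmd = " ".join([program] + [shlex.quote(a) for a in args])
    return run_via_shell(cmd)


# Constructed sample: a value meant to be a single argument (e.g. a tag name)
# that happens to contain a shell command separator.
UNTRUSTED = "v1.0; echo SECOND-COMMAND"

if __name__ == "__main__":
    # The shell splits the value at ';' and runs two commands.
    print("shell string :", run_via_shell("echo " + UNTRUSTED).splitlines())
    # No shell involved: the value is echoed back unchanged.
    print("argv list    :", run_argv(["echo", UNTRUSTED]))
    # Shell involved, but the value is quoted into one word.
    print("quoted string:", run_via_shell_quoted("echo", UNTRUSTED))
```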