Eric Windisch wrote:
> I'd really like to see this security mechanism overhauled. Rootwrap was
> an improvement over what was there before, however, I don't believe that
> rootwrap is a viable long-term solution as currently designed. Rootwrap
> has resulted in the use of potentially insecure shell-outs for the
> purposes of privilege escalation in cases where pure Python would be safer.

The Filter mechanism could easily be extended so that rather than always
executing an external command, it could run some Python code as root instead.

Any other reason why you think it's not a viable long-term solution?

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp