Improving How OpenStack Nova Runs Privileged Commands


OpenStack release manager Thierry Carrez examines OpenStack Nova’s current privilege model and how it’s being improved with the root_helper option.

Right now, OpenStack uses sudo to escalate privileges when it needs to run a root command. The problem with this, says Thierry, is that sudo doesn’t provide a way to efficiently filter commands, which could be used to exploit systems.

“As an example, the current nova_sudoers file contains commands like chown, kill, dd or tee, which are more than enough to compromise a target system completely,” says Thierry.

To fix this, Thierry worked on a filter that gives Nova a configurable “root helper.” By default, this is still sudo, but it could be something else. The “something else” is what Thierry is working on now, and he is taking feedback on it as well.

The primary goals are:

  • Provide a command filter that checks arguments as well as commands run.
  • Provide a way to run as users other than root when root privileges aren’t necessary.
  • Separate filters by the type of node running Nova, as not all nodes need to run root commands at all.

Thierry is working on a Python-based implementation of this, and looking for feedback on other necessary features. Any other features that Thierry should be looking at?
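To make the three goals above concrete, here is an added sketch of an argument-aware filter. It is not Thierry's implementation or Nova's code. The names ArgFilter, FILTERS and authorize, the node types, the "nova" user and the /var/lib/nova/instances path are all assumptions made for illustration.

```python
import re

# Constructed path prefix; the lookahead rejects ".." so a path cannot climb out.
INSTANCE_PATH = r"(?!.*\.\.)/var/lib/nova/instances/[\w./-]+"

class ArgFilter:
    """Hypothetical filter: one executable, one regex per argument, one target user."""

    def __init__(self, exec_path, run_as, *arg_patterns):
        self.exec_path = exec_path
        self.run_as = run_as
        self.arg_patterns = [re.compile(p) for p in arg_patterns]

    def match(self, argv):
        # The executable must match exactly and every argument must fully match
        # its pattern; extra or missing arguments are rejected.
        if not argv or argv[0] != self.exec_path:
            return False
        args = argv[1:]
        if len(args) != len(self.arg_patterns):
            return False
        return all(p.fullmatch(a) for p, a in zip(self.arg_patterns, args))

# Filters are grouped by node type (constructed names); a node type with no
# filters cannot run any privileged command.
FILTERS = {
    "compute": [
        ArgFilter("/bin/chown", "root", r"[a-z_][a-z0-9_-]*", INSTANCE_PATH),
        # Writing a file under the instances directory does not need root.
        ArgFilter("/usr/bin/tee", "nova", INSTANCE_PATH),
    ],
    "api": [],
}

def authorize(node_type, argv):
    """Return (run_as, argv) for the first matching filter, else refuse."""
    for f in FILTERS.get(node_type, []):
        if f.match(argv):
            return f.run_as, list(argv)
    raise PermissionError("no filter allows: %r" % (argv,))
```

A root helper built this way would be the only entry in the sudoers file, and it would execute a command only after authorize() returns, as the user the matching filter names.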


Article source: ReadWriteWeb
