On Thu, May 5, 2011 at 9:09 AM, Florian Haas <florian.h...@linbit.com> wrote:
> Rather than going into ACLs in more detail, I wanted to highlight that
> however we limit access to the CIB, the resource agents still _execute_
> as root, so we will always have what would normally be considered a
> privilege escalation issue.
>
> Now, we could agree on security guidelines for RAs, and some of those
> would certainly be no-brainers to define (such as, don't ever "eval"
> unsanitized user input), but I refuse to even suggest to tackle any such
> guidelines before the OCF spec update has gotten off the ground.
>
> One such thing that could be added to the spec would be optional meta
> variables named "user" and "group", directing the LRM (or any successor)
> to execute the RA as that user rather than root. Just an idea.
Seems plausible.

_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
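The quoted proposal (optional "user"/"group" meta variables that tell the LRM to run the RA unprivileged) only helps if the executor's privilege drop is done in the right order and cannot be undone. The following is an added example of what such a drop looks like on Linux; it is a hypothetical C wrapper written for this page, not code from Pacemaker, the LRM, or anyone in this thread. It resolves the two attribute values, refuses uid 0 or gid 0, changes supplementary and primary group before the uid (the only order that works once root is gone), probes that root cannot be regained, and only then exec's the RA. The names `run_ra_as`, `resolve_ids`, `drop_to` and the status codes are invented for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Result of an attempted privilege drop. Distinct codes let the executor
 * report precisely why an RA was not started instead of running it as root. */
enum drop_status {
    DROP_OK = 0,
    DROP_BAD_ARG,            /* missing name, or a name resolving to uid/gid 0 */
    DROP_NO_SUCH_USER,
    DROP_NO_SUCH_GROUP,
    DROP_GROUPS_FAILED,      /* initgroups() failed */
    DROP_SETGID_FAILED,
    DROP_SETUID_FAILED,
    DROP_STILL_PRIVILEGED    /* root could be regained after the drop */
};

/* Resolve the RA's "user" and "group" meta attributes to numeric ids.
 * "group" is optional and defaults to the user's primary group. uid 0 or
 * gid 0 is refused: root is what the attribute exists to avoid. */
enum drop_status resolve_ids(const char *user, const char *group,
                             uid_t *uid, gid_t *gid)
{
    if (user == NULL || *user == '\0')
        return DROP_BAD_ARG;

    const struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;

    if (group != NULL && *group != '\0') {
        const struct group *gr = getgrnam(group);
        if (gr == NULL)
            return DROP_NO_SUCH_GROUP;
        *gid = gr->gr_gid;
    }
    if (*uid == 0 || *gid == 0)
        return DROP_BAD_ARG;
    return DROP_OK;
}

/* Permanently switch the calling process from root to (uid, gid).
 * Groups are set first: after setuid() to a non-zero uid the process can
 * no longer change them. setuid() as root also clears the saved uid, and
 * the probes at the end confirm the drop really is irreversible. */
enum drop_status drop_to(const char *user, uid_t uid, gid_t gid)
{
    if (initgroups(user, gid) != 0)
        return DROP_GROUPS_FAILED;
    if (setgid(gid) != 0)
        return DROP_SETGID_FAILED;
    if (setuid(uid) != 0)
        return DROP_SETUID_FAILED;

    /* If any of these succeed we are not actually unprivileged. */
    if (setuid(0) == 0 || setgid(0) == 0)
        return DROP_STILL_PRIVILEGED;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_STILL_PRIVILEGED;
    return DROP_OK;
}

/* Start an RA as the configured user. On success this never returns (the
 * RA replaces this process); on any failure it returns so the caller can
 * refuse to run the RA as root. */
enum drop_status run_ra_as(const char *user, const char *group,
                           char *const ra_argv[])
{
    uid_t uid = 0;
    gid_t gid = 0;
    enum drop_status st = resolve_ids(user, group, &uid, &gid);
    if (st != DROP_OK)
        return st;
    st = drop_to(user, uid, gid);
    if (st != DROP_OK)
        return st;
    execv(ra_argv[0], ra_argv);
    /* Only reached if exec failed; we are already unprivileged here. */
    perror("execv");
    _exit(127);
}

/* Usage (hypothetical wrapper): run_ra_as <user> <group-or-""> <ra-path> [args...] */
int main(int argc, char *argv[])
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s user group ra-path [args...]\n", argv[0]);
        return 2;
    }
    enum drop_status st = run_ra_as(argv[1], argv[2], &argv[3]);
    fprintf(stderr, "refusing to start RA: drop status %d (%s)\n",
            st, strerror(errno));
    return 1;
}
```

The wrapper fails closed: every unresolved name, every failed set*id() call and a reversible drop all end with the RA not being started, which is the behaviour you want from an executor that is otherwise root. Note that this only removes the "executes as root" half of the problem; an RA that evals unsanitized input still does whatever the configured user can do, so the guideline in the quoted mail stands regardless of which identity the LRM uses.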