Excerpts from Robert Collins's message of 2013-07-23 02:52:11 -0700:
> We have a bunch of sudo rules in disk-image-builder. They are there
> primarily so we could have passwordless sudo on jenkins boxes, but
> working with the infra team now, it looks like we'd run on
> devstack-gate nodes, not on jenkins directly, so they aren't needed
> for that.
>
> They don't add appreciable security for end users as they are
> trivially bypassed with link attacks.
>
> And for distributors they are not something you want to install from a
> package.
>
> The only thing they *do* do is permit long running builds to run
> unattended by users without reprompting for sudo; but this isn't an
> issue for most users, as we download the bulk of data before hitting
> the first sudo call.
>
> So I'd like to change things to say:
> - either run sudo disk-image-create or
> - set up passwordless sudo or
> - don't run unattended.
>
> and delete the sudoers.d rules as being a distraction, one we no longer need.
>
> Opinions?

Keeping it simple seems more useful in keeping diskimage-builder users secure than specifying everything. Perhaps a user who wants to chase higher security will do so using SELinux or AppArmor. +1 for the plan.