Thanks for the detailed report Jamie.
As discussed on IRC, the server team will have an active role in
supporting this regarding bug fixes, and active involvement in
supporting the security team as required.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Thanks Dave. This is satisfactory to the security team. Please continue
to work with upstream on the 'sudoers problem' so that can be resolved
for 12.04.
--
promoted
** Changed in: nova (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/801501
Title:
[MIR] nova
To manage notifications about this
** Changed in: nova (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
Kees and I discussed this today, so I will summarize the conversation
(keep in mind I have not reviewed the code personally and Kees only
performed a shallow audit):
* Size and scope: nova is a very large and complex piece of software
with many daemons listening on the network and there is too
Replacing the plain sudoers by a more precise argument-filtering wrapper is in
the works, but won't happen in Oneiric.
See https://blueprints.launchpad.net/nova/+spec/nova-rootwrap
and lp:~ttx/nova/privsep2
--
This is a step in the right direction (regex arg filtering is better
than filename-glob filtering), but I think this probably needs to have
even more logic built in. For example, running ip ... $interface ...
might need logic to have the wrapper look up the interface and decide if
it is actually a
Quick notes:
* should use /run instead of /var/run
* while it's nice to have the sudoers split, the sudoers fragment is wildly
permissive (chown as root is trivial to exploit). I would recommend specific
helper scripts that validate the logic of the requested dangerous commands (see
the
** Description changed:
- Work in progress / Incomplete.
-
- Build dependencies...
- * python-carrot binary and source package is in universe
- * python-amqplib binary and source package is in universe
- * python-glance binary and source package is in universe
- * python-novaclient binary
** Changed in: nova (Ubuntu)
Milestone: ubuntu-11.10-beta-1 => ubuntu-11.10-beta-2
--
** Description changed:
Work in progress / Incomplete.
Build dependencies...
- * python-carrot binary and source package is in universe
- * python-amqplib binary and source package is in universe
- * python-glance binary and source package is in universe
- * python-novaclient binary
** Description changed:
Work in progress / Incomplete.
- Build depends to resolve before this can progress:
- * python-gflags binary and source package is in universe
- * python-mox binary and source package is in universe
+ Build dependencies...
* python-carrot binary and source
** Changed in: nova (Ubuntu)
Importance: Undecided => High
--
** Changed in: nova (Ubuntu)
Milestone: oneiric-alpha-3 => ubuntu-11.10-beta-1
--
** Tags added: server-o-mir
--