openstack-attic/openstack-security-notes
Code Issues Proposed changes
15 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Malini Bhandaru fd714a9be8 Add OSSN-0014 - Cinder drivers set insecure file permissions 
This adds OSSN-0014, which covers the introduction of files with liberal
access permissions by multiple Cinder drivers in OpenStack Icehouse and
earlier. Users with access to the Cinder host and processes running
on the Cinder host can exploit the file permissions to disclose,
modify, and/or destroy user block storage data.

Closes-Bug: 1260679
Change-Id: I4ac9e746401051d85cb9cfbcad3c88b04f23106c
2014-05-29 11:59:35 -07:00
notes
Add OSSN-0014 - Cinder drivers set insecure file permissions
2014-05-29 11:59:35 -07:00
templates
Modified templates to wrap lines at 72 characters
2014-03-06 18:51:31 -08:00
.gitreview
Add gitreview file
2014-04-01 16:53:46 -07:00
README.md
Add previously published security notes
2014-02-12 21:35:18 -08:00

README.md

OpenStack Security Notes (OSSN)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Repository Layout

This repository contains published Security Notes and templates that should be used when creating new Security Notes.

notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates

Useful Links

A list of published Security Notes is available here:

https://wiki.openstack.org/wiki/Security_Notes

The process used to create new Security Notes is available here:

https://wiki.openstack.org/wiki/Security/Security_Note_Process
Description
No description provided
Readme 603 KiB
Languages
Text 100%