[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: /etc visibility



----- Original Message -----
> From: "Alexandre Aguiar" <asouzaaguiar gmail com>
> To: users lists openshift redhat com
> Sent: Monday, September 1, 2014 8:44:26 AM
> Subject: /etc visibility
> 
> Hi,
> 
> From any engine i can see /etc files including /etc/passwd, node.conf...
> 
> This is not a secutiry issue?
> 

We've classified that as a low level information leak.  We've been focusing
on OpenShift-3.0 which is why this issue isn't fixed in OS-2.0.  The number
of attacks that can be done with that information is few which is why it
hasn't been a priority to fix.

For the record, OS-3.0 has /etc namespaced (docker provides this) so it
is fixed in future versions.

   -Mike


> Cheers
> 
> 
> 
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]