
Security/OpenStack Security Impact Checks

OpenStack security is getting greater scrutiny as adoption increases. At the OpenStack Icehouse summit we wondered whether there might be some automated tests we could incorporate to capture anti-security patterns, crowd-sourcing tips, tricks and experiences from the developer, operator and user community. Several of these could be incorporated as tests that run as part of the gate tests, checking for anti-security patterns at code merge time. As a first pass the results could be listed as warnings; later, mechanisms could be built into OpenStack to explicitly list legitimate exceptions to the tests, perhaps on a per-line basis (if on a line basis, the exception list would need to be modified each time the code shifted in the file due to other changes in the file). At the very least these tests could alert reviewers.

For instance, consider the Cinder file permissions bug: the footprint of the bug was determined with a grep, a check for "chmod" with promiscuous settings for group and world. It transpired that some of the settings were 777 or 666.

Another possible check is looking for shell command executions as root. Occasionally these cannot be avoided, but alerting on them helps the developer re-think the code and at the very least justify its need.
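The two checks above (promiscuous chmod modes, and commands executed as root) can be implemented as an AST scan rather than a grep, which avoids matching the word "chmod" in comments or strings and lets the mode bits be inspected directly. The following is an added example, not code from the OpenStack project or this wiki. It assumes the `run_as_root=True` keyword convention for executing commands as root, and it assumes a hypothetical inline `# security-exception` marker as the per-line exception mechanism the paragraph above sketches; the sample source it scans is constructed for the demonstration.

```python
import ast
from typing import List, NamedTuple

# Mode bits that grant write access to group or to everyone.
GROUP_WRITE = 0o020
OTHER_WRITE = 0o002

# Assumed inline marker for a reviewed, legitimate exception (not an OpenStack convention).
EXCEPTION_MARKER = "# security-exception"


class Finding(NamedTuple):
    lineno: int
    code: str
    message: str


def is_promiscuous(mode: int) -> bool:
    """True if the mode grants write access to group or world (e.g. 0o666, 0o770, 0o777)."""
    return bool(mode & (GROUP_WRITE | OTHER_WRITE))


def _callee_name(node: ast.Call) -> str:
    """Return the attribute or bare name being called, e.g. 'chmod' for os.chmod(...)."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""


class _SecurityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _callee_name(node)

        # S001: chmod with a literal mode that is group- or world-writable.
        # A non-literal mode (variable, stat.* expression) is skipped here; a stricter
        # check could flag it for manual review instead.
        if name == "chmod" and len(node.args) >= 2:
            mode = node.args[1]
            if isinstance(mode, ast.Constant) and isinstance(mode.value, int):
                if is_promiscuous(mode.value):
                    self.findings.append(Finding(
                        node.lineno, "S001",
                        f"chmod with group/world-writable mode {mode.value:#o}"))

        # S002: any call that asks to run as root (assumed run_as_root=True convention).
        for kw in node.keywords:
            if (kw.arg == "run_as_root"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                self.findings.append(Finding(
                    node.lineno, "S002",
                    f"{name}() executed as root; justify the need or drop privilege"))

        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    """Scan Python source text and return findings, minus lines carrying the exception marker."""
    visitor = _SecurityVisitor()
    visitor.visit(ast.parse(source))
    lines = source.splitlines()
    kept = [f for f in visitor.findings if EXCEPTION_MARKER not in lines[f.lineno - 1]]
    return sorted(kept)


# Constructed sample input: the names path, tmp, sock and utils are placeholders.
SAMPLE = """\
import os
os.chmod(path, 0o777)
os.chmod(path, 0o644)
os.chmod(path, 0o666)
os.chmod(path, 0o770)
utils.execute('rm', '-rf', tmp, run_as_root=True)
utils.execute('ls', tmp)
os.chmod(sock, 0o666)  # security-exception
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"line {finding.lineno}: {finding.code} {finding.message}")
```

Run on the constructed sample, the scan reports the 0o777, 0o666 and 0o770 chmod calls and the `run_as_root=True` execute call, and stays silent on the 0o644 call and on the line carrying the exception marker. Because the suppression is keyed to the marker on the same line rather than to a line number kept in a separate list, it survives the file shifting around it, which addresses the per-line exception-list problem noted above. To run this in the gate the same visitor logic could be exposed through a flake8 or hacking plugin that emits warnings rather than failures as a first pass.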

We would like this wiki to serve as a crowd-sourcing point. Please provide your IRC handle so that we can quiz you for clarification. Alternatively, respond on the openstack-dev mailing list and we shall integrate suggestions into this wiki. Later, hopefully, several of these will land as gate tests with warning messages.