Comment 4 for bug 1015531

Thierry Carrez (ttx) wrote :

The trick is that you can't decide at utils.execute() level what generic argument is or is not safe. In some cases passing "../.." is a perfectly accepted use!

I see your point though... and as a strengthening low-level measure the rootwrap filter that allows running mkdir/tee as root should also do a deeper inspection of arguments to check that it only affects nova stuff.
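
The deeper argument inspection suggested in the comment above, as an added example that is not part of the original comment and is not code from nova or rootwrap. The class name `PathConfinedFilter`, its `match()` method, the `allowed_flags` parameter and the temporary base directory are assumptions chosen for illustration; the point is that "../.." is accepted when it stays inside the base and rejected only when the resolved path leaves it.

```python
import os
import tempfile


class PathConfinedFilter:
    """Hypothetical filter: allow a command only when every path argument
    resolves inside one base directory (names here are illustrative)."""

    def __init__(self, exec_name, allowed_base, allowed_flags=()):
        self.exec_name = exec_name
        # Resolve the base once so a symlinked base compares consistently.
        self.allowed_base = os.path.realpath(allowed_base)
        self.allowed_flags = set(allowed_flags)

    def _is_confined(self, path):
        # Relative paths depend on the caller's cwd, so fail closed.
        if not os.path.isabs(path):
            return False
        # realpath collapses ".." and follows symlinks before comparing.
        resolved = os.path.realpath(path)
        # commonpath compares whole components, unlike str.startswith,
        # so "<base>-other" is not mistaken for a child of "<base>".
        return os.path.commonpath([resolved, self.allowed_base]) == self.allowed_base

    def match(self, userargs):
        if not userargs or userargs[0] != self.exec_name:
            return False
        paths = []
        for arg in userargs[1:]:
            if arg.startswith("-"):
                if arg not in self.allowed_flags:
                    return False  # unknown option: reject
            else:
                paths.append(arg)
        return bool(paths) and all(self._is_confined(p) for p in paths)


def demo():
    base = tempfile.mkdtemp()  # constructed stand-in for the service's data dir
    flt = PathConfinedFilter("mkdir", base, allowed_flags={"-p"})
    cases = {
        "inside": ["mkdir", "-p", os.path.join(base, "a", "b")],
        "dotdot_inside": ["mkdir", os.path.join(base, "a", "..", "c")],
        "dotdot_escape": ["mkdir", os.path.join(base, "..", "..", "etc", "x")],
        "sibling_prefix": ["mkdir", base + "-other/x"],
        "relative": ["mkdir", "a/b"],
        "bad_flag": ["mkdir", "-m", os.path.join(base, "d")],
    }
    return {name: flt.match(args) for name, args in cases.items()}
```

The check resolves symlinks at inspection time, so a path component replaced between the check and the command's execution is outside what it covers.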