Opened 17 years ago
Closed 16 years ago
#86 closed defect (fixed)
Do not run debootstrap on dom0
| Reported by: | andersk | Owned by: | price |
|---|---|---|---|
| Priority: | blocker | Milestone: | Public Beta |
| Component: | autoinstallers | Version: | |
| Keywords: | Cc: |
Description
Before we go public beta, we need to make sure that our service is secure. We're currently deploying an autoinstaller infrastructure that involves running debootstrap on dom0, which is a very scary idea security-wise. I'm creating this ticket to remind us to fix this.
xvm / autoinstaller / andersk 18:33 (Anders H Kaseorg)
I just demonstrated that there's a security hole _now_, with the
infrastructure that you would have deployed if I han't pointed out
this problem.
xvm / autoinstaller / andersk 18:34 (Anders H Kaseorg)
debootstrap is too complicated for us to be able to think about all
the security implications of running it in dom0. This is simply a
bad idea.
xvm / autoinstaller / andersk 18:35 (Anders H Kaseorg)
You need to come up with a way to push this work into a VM.
xvm / autoinstaller / price 18:36 (Gregory N. Price)
Maybe it's best if we plan to make that happen before we call this a
beta service. Right now it's an alpha service, and the easiest way to
root dom0 is to put a keylogger on an office head.
Change History (1)
comment:1 Changed 16 years ago by broder
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Done in a whole host of revisions, but specifically handled by the sipb-xen-autoinstaller-guest package