Opened 17 years ago
Closed 17 years ago
#86 closed defect (fixed)
Do not run debootstrap on dom0
Reported by: | andersk | Owned by: | price |
---|---|---|---|
Priority: | blocker | Milestone: | Public Beta |
Component: | autoinstallers | Version: | |
Keywords: | | Cc: | |
Description
Before we go public beta, we need to make sure that our service is secure. We're currently deploying an autoinstaller infrastructure that involves running debootstrap on dom0, which is a very scary idea security-wise. I'm creating this ticket to remind us to fix this.
xvm / autoinstaller / andersk 18:33 (Anders H Kaseorg) I just demonstrated that there's a security hole _now_, with the infrastructure that you would have deployed if I hadn't pointed out this problem.
xvm / autoinstaller / andersk 18:34 (Anders H Kaseorg) debootstrap is too complicated for us to be able to think about all the security implications of running it in dom0. This is simply a bad idea.
xvm / autoinstaller / andersk 18:35 (Anders H Kaseorg) You need to come up with a way to push this work into a VM.
xvm / autoinstaller / price 18:36 (Gregory N. Price) Maybe it's best if we plan to make that happen before we call this a beta service. Right now it's an alpha service, and the easiest way to root dom0 is to put a keylogger on an office head.
Change History (1)
comment:1 Changed 17 years ago by broder
- Resolution set to fixed
- Status changed from new to closed
Done in a whole host of revisions, but specifically handled by the sipb-xen-autoinstaller-guest package