Opened 16 years ago

Closed 15 years ago

#86 closed defect (fixed)

Do not run debootstrap on dom0

Reported by: andersk Owned by: price
Priority: blocker Milestone: Public Beta
Component: autoinstallers Version:
Keywords: Cc:


Before we go public beta, we need to make sure that our service is secure. We're currently deploying an autoinstaller infrastructure that involves running debootstrap on dom0, which is a very scary idea security-wise. I'm creating this ticket to remind us to fix this.

   xvm / autoinstaller / andersk  18:33  (Anders H Kaseorg)
       I just demonstrated that there's a security hole _now_, with the
       infrastructure that you would have deployed if I hadn't pointed out
       this problem.
   xvm / autoinstaller / andersk  18:34  (Anders H Kaseorg)
       debootstrap is too complicated for us to be able to think about all
       the security implications of running it in dom0.  This is simply a
       bad idea.
   xvm / autoinstaller / andersk  18:35  (Anders H Kaseorg)
       You need to come up with a way to push this work into a VM.
   xvm / autoinstaller / price  18:36  (Gregory N. Price)
       Maybe it's best if we plan to make that happen before we call this a
       beta service.  Right now it's an alpha service, and the easiest way to
       root dom0 is to put a keylogger on an office head.

Change History (1)

comment:1 Changed 15 years ago by broder

  • Resolution set to fixed
  • Status changed from new to closed

Done in a whole host of revisions, but specifically handled by the sipb-xen-autoinstaller-guest package.
