Opened 16 years ago
Closed 16 years ago
#86 closed defect (fixed)
Do not run debootstrap on dom0
| Reported by: | andersk | Owned by: | price |
|---|---|---|---|
| Priority: | blocker | Milestone: | Public Beta |
| Component: | autoinstallers | Version: | |
| Keywords: | | Cc: | |
Description
Before we go public beta, we need to make sure that our service is secure. We're currently deploying an autoinstaller infrastructure that involves running debootstrap on dom0, which is a very scary idea security-wise. I'm creating this ticket to remind us to fix this.
xvm / autoinstaller / andersk 18:33 (Anders H Kaseorg) I just demonstrated that there's a security hole _now_, with the infrastructure that you would have deployed if I hadn't pointed out this problem.

xvm / autoinstaller / andersk 18:34 (Anders H Kaseorg) debootstrap is too complicated for us to be able to think about all the security implications of running it in dom0. This is simply a bad idea.

xvm / autoinstaller / andersk 18:35 (Anders H Kaseorg) You need to come up with a way to push this work into a VM.

xvm / autoinstaller / price 18:36 (Gregory N. Price) Maybe it's best if we plan to make that happen before we call this a beta service. Right now it's an alpha service, and the easiest way to root dom0 is to put a keylogger on an office head.
Change History (1)
comment:1 Changed 16 years ago by broder
- Resolution set to fixed
- Status changed from new to closed
Done in a whole host of revisions, but specifically handled by the sipb-xen-autoinstaller-guest package