https://bugzilla.redhat.com/show_bug.cgi?id=1498151

            Bug ID: 1498151
           Summary: Move download server and salt-master to the community
                    cage
           Product: GlusterFS
           Version: mainline
         Component: project-infrastructure
          Assignee: b...@gluster.org
          Reporter: msche...@redhat.com
                CC: b...@gluster.org, gluster-infra@gluster.org



Description of problem:

Today, yet another rowhammer style attack paper went out, explaining 
https://arxiv.org/pdf/1710.00551.pdf (there is a link to the various papers)

While this is not a new attack, and I guess a rather complex one to mount, we
should mitigate the risk by moving the download server and the ansible
deployment in the cage. I heard about people using rowhammer to flip some bits
to bypass pam verification (no paper or conference has been published yet
afaik, so I wasn't able to evaluate the practicality).

While Rackspace is using ECC (or so do I hope, that's what lshw reports) and
that's mitigating the attack to be a denial of service only, I would sleep
better at night if we moved the 2 servers out of Rackspace and in the cage in
case improvements to the attack do get published.

The rest of the VMs are not as critical as these 2, even if the freeipa server
should also be moved.

I have already been in the process of moving salt-master for some weeks, I just
need to finish the move.
