On 17/04/19 12:09 -0500, Ken Gaillot wrote: > Without the patches, a mitigation is to prevent local user access to > cluster nodes except for cluster administrators (which is the > recommended and most common deployment model).
Not trying to artificially amplify the risk in response to the above, but I think it's important to perceive threat models in the wider context: - mitigating factor: machines (and interconnects) usually isolated and controlled to a significant extent (for instance to make fencing feasible to start with) as mentioned - provoking factor: cluster is usually predestined to deliver service(s) not necessarily bullet-proof themselves to a wide range of users, not necessarily to those with all-good intents (so the whole chain throughout may consist of many small steps, low hanging fruit is usually long harvested) It would be hypocritical to close eyes from the latter, mileage for each deployment can vary, just as precautions taken etc. Not being even a passive enabler shall be a general goal across the industry (note that the most severe case was nothing that the chosen implementation language could be blamed for -- with the 2019-marked one, well, perhaps). * * * As an extra note, thanks in advance to whoever will put the effort to keep an eye on the after-patch behaviour and report back any shenanigans observed! Let's restate the upstream issue tracker for pacemaker, since it appears to be gone from the list footer since around March 19: https://bugs.clusterlabs.org And as far as dislosing the possibly sensitive problems with SW some in this community happen to maintain and contribute to is concerned, the recommended and most vendor-neutral (these are the main drivers, let's admit) option at this time is this list per its rules: https://oss-security.openwall.org/wiki/mailing-lists/distros (That is, unless there's an active interest to build something unified collectively for what can be associated with ClusterLabs.) Private issues would also do where possible, but at the end of the day, any report is preferred to no report when at least semi-reasonably routed. Thanks! -- Jan (Poki)
pgp7Z0i3Gtqjy.pgp
Description: PGP signature
_______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/