
List:       linux-ha-dev
Subject:    RE: [Linux-ha-dev] Security Aspect of SA HPI
From:       "Zou, Yixiong" <yixiong.zou () intel ! com>
Date:       2003-07-30 21:27:14

> -----Original Message-----
> From: Alan Robertson [mailto:alanr@unix.sh]
> Sent: Wednesday, July 30, 2003 12:46 PM
> To: linux-ha-dev@lists.community.tummy.com
> Subject: Re: [Linux-ha-dev] Security Aspect of SA HPI
> 
> 
> Zou, Yixiong wrote:
> > Hi Alan,
> > 
> > I am investigating the STONITH module that uses the OpenHPI right now.
> > I remembered you mentioned to me in OLS that the SA-Forum spec is very
> > bad in the aspect of the security.  But I don't remember the details
> > any more.  Could you tell me again what is your concern?
> 
> The concern is that anyone is allowed to connect to a replica and read the
> data, and also to write the data.  This is VERY bad.  So bad that I'd call
> it grossly irresponsible.
> 
> The API needs to be able to create a set of credentials that are allowed to
> connect to the replica for reading, and a set of credentials that are
> allowed to connect to it for writing, and another which is allowed to change
> the location of the master replica.  The IPC interface supports this kind of
> security.
> 
> Does this make sense to you?

Yes.  


> > My plan is to also write a STONITH plugin that uses the HPI.  If the
> > security is an issue, I'd like to know that now.
> 
> The issue is that the HPI object typically needs to be provided some
> device-specific configuration information - which typically includes access
> information.  But, the security concerns (or insecure design) comes by this
> device-specific information.  However secure or insecure a particular HPI
> implementation is, you just reflect that up the line through the STONITH
> information, hopefully without changing the security implications at all.
> 
> For example, some devices might be protected by UNIX device permissions.
> Others might be protected by login and password.  Others might be protected
> by public/private keys, etc.
> 
> However the device wants you to authenticate yourself, you just have to
> support that --- and reflect it back up the STONITH configuration interface.
> 

Right now we only have a dummy HPI plugin available which
does nothing.  The real device that's connected to a specific
hardware has not been invented yet.  I will certainly keep
this issue in mind when I do the implementation. 

Thanks. 
------------------------------------------------------------------------
Yixiong Zou (yixiong.zou@intel.com)
(503) 677-4988

All views expressed in this email are those of the individual sender. 


_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.community.tummy.com
http://lists.community.tummy.com/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
