List: linux-ha-dev
Subject: RE: [Linux-ha-dev] Security Aspect of SA HPI
From: "Zou, Yixiong" <yixiong.zou () intel ! com>
Date: 2003-07-30 21:27:14
> -----Original Message-----
> From: Alan Robertson [mailto:alanr@unix.sh]
> Sent: Wednesday, July 30, 2003 12:46 PM
> To: linux-ha-dev@lists.community.tummy.com
> Subject: Re: [Linux-ha-dev] Security Aspect of SA HPI
>
>
> Zou, Yixiong wrote:
> > Hi Alan,
> >
> > I am investigating the STONITH module that uses the OpenHPI right now.
> > I remembered you mentioned to me in OLS that the SA-Forum spec is very
> > bad in the aspect of the security. But I don't remember the details
> > any more. Could you tell me again what is your concern?
>
> The concern is that anyone is allowed to connect to a replica and read the
> data, and also to write the data. This is VERY bad. So bad that I'd call
> it grossly irresponsible.
>
> The API needs to be able to create a set of credentials that are allowed to
> connect to the replica for reading, and a set of credentials that are
> allowed to connect to it for writing, and another which is allowed to change
> the location of the master replica. The IPC interface supports this kind of
> security.
>
> Does this make sense to you?

Yes.

> > My plan is to also write a STONITH plugin that uses the HPI. If the
> > security is an issue, I'd like to know that now.
>
> The issue is that the HPI object typically needs to be provided some
> device-specific configuration information - which typically includes access
> information. But, the security concerns (or insecure design) comes by this
> device-specific information. However secure or insecure a particular HPI
> implementation is, you just reflect that up the line through the STONITH
> information, hopefully without changing the security implications at all.
>
> For example, some devices might be protected by UNIX device permissions.
> Others might be protected by login and password. Others might be protected
> by public/private keys, etc.
>
> However the device wants you to authenticate yourself, you just have to
> support that --- and reflect it back up the STONITH configuration interface.
>
Right now we only have a dummy HPI plugin available which
does nothing. The real device that's connected to a specific
hardware has not been invented yet. I will certainly keep
this issue in mind when I do the implementation.
Thanks.
------------------------------------------------------------------------
Yixiong Zou (yixiong.zou@intel.com)
(503) 677-4988
All views expressed in this email are those of the individual sender.
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.community.tummy.com
http://lists.community.tummy.com/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
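
The separation asked for in the quoted message (one credential set for reading a replica, one for writing, one for moving the master replica), sketched as a default-deny check. This is an added example, not code from the SA Forum specification, OpenHPI or heartbeat; every type name, function name and uid/gid value in it is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* The three rights the quoted message wants granted separately. */
enum replica_op { OP_READ, OP_WRITE, OP_MOVE_MASTER, OP_COUNT };

/* Allow-list for one operation; an empty list admits nobody. */
struct cred_set { const uid_t *uids; size_t n_uids; const gid_t *gids; size_t n_gids; };
struct replica_policy { struct cred_set allow[OP_COUNT]; };

/* Identity of the connecting peer. Assumption: the transport supplies it,
 * e.g. from SO_PEERCRED on a Linux UNIX-domain socket. */
struct peer_cred { uid_t uid; gid_t gid; };

/* Default deny: a right is held only if the peer is listed for that exact
 * operation. Write does not imply move-master, and uid 0 is not special. */
bool replica_authorize(const struct replica_policy *p,
                       const struct peer_cred *peer, enum replica_op op)
{
    if (p == NULL || peer == NULL || (unsigned)op >= OP_COUNT)
        return false;
    const struct cred_set *s = &p->allow[op];
    for (size_t i = 0; i < s->n_uids; i++)
        if (s->uids[i] == peer->uid) return true;
    for (size_t i = 0; i < s->n_gids; i++)
        if (s->gids[i] == peer->gid) return true;
    return false;
}

/* Constructed sample policy; all ids are made up. */
static const uid_t readers[] = {1001, 1002}, writers[] = {1001}, movers[] = {1000};
static const gid_t reader_groups[] = {200};
static const struct replica_policy sample_policy = { .allow = {
    [OP_READ]        = { readers, 2, reader_groups, 1 },
    [OP_WRITE]       = { writers, 1, NULL, 0 },
    [OP_MOVE_MASTER] = { movers,  1, NULL, 0 },
} };

bool sample_check(uid_t uid, gid_t gid, enum replica_op op)
{
    struct peer_cred peer = { uid, gid };
    return replica_authorize(&sample_policy, &peer, op);
}

int main(void)
{
    printf("uid 1001 write=%d move_master=%d\n",
           sample_check(1001, 50, OP_WRITE), sample_check(1001, 50, OP_MOVE_MASTER));
    return 0;
}
```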