[ClusterLabs] Pacemaker security issues discovered and patched

Jan Pokorný jpokorny at redhat.com
Wed Apr 17 18:41:07 EDT 2019

On 17/04/19 12:09 -0500, Ken Gaillot wrote:
> Without the patches, a mitigation is to prevent local user access to
> cluster nodes except for cluster administrators (which is the
> recommended and most common deployment model).

Not trying to artificially amplify the risk in response to the above,
but I think it's important to perceive threat models in the wider

- mitigating factor: machines (and interconnects) usually isolated
  and controlled to a significant extent (for instance to make fencing
  feasible to start with) as mentioned

- provoking factor: cluster is usually predestined to deliver
  service(s) not necessarily bullet-proof themselves to a wide range
  of users, not necessarily to those with all-good intents
  (so the whole chain throughout may consist of many small steps,
  low hanging fruit is usually long harvested)

It would be hypocritical to close eyes from the latter, mileage
for each deployment can vary, just as precautions taken etc.
Not being even a passive enabler shall be a general goal across
the industry (note that the most severe case was nothing that
the chosen implementation language could be blamed for -- with
the 2019-marked one, well, perhaps).

* * *

As an extra note, thanks in advance to whoever will put the effort
to keep an eye on the after-patch behaviour and report back any
shenanigans observed!  Let's restate the upstream issue tracker for
pacemaker, since it appears to be gone from the list footer since
around March 19: https://bugs.clusterlabs.org

And as far as disclosing the possibly sensitive problems with SW
some in this community happen to maintain and contribute to is
concerned, the recommended and most vendor-neutral (these are the
main drivers, let's admit) option at this time is this list per
its rules: https://oss-security.openwall.org/wiki/mailing-lists/distros
(That is, unless there's an active interest to build something
unified collectively for what can be associated with ClusterLabs.)

Private issues would also do where possible, but at the end of
the day, any report is preferred to no report when at least
semi-reasonably routed.


Jan (Poki)