On 13-1-2017 15:26, Sage Weil wrote: > In order to make this happen, we'd probably want to make > cluster_network default to public_network if it is empty. That is a > little odd on the face of it, but I can't think of a situation where > someone would want to define a specific public network and *not* define a > private one, so... > > Is that reasonable? Perhaps something like PR #12929 --WjW > sage > > > On Fri, 13 Jan 2017, Willem Jan Withagen wrote: > >> Hi, >> >> This is an observation on the user-list. >> And I do agree with it whole hartedly. >> >> And it stems from the first binding where 0.0.0.0 is used to bind. >> From the top of my head somewhere in msg/async. It starts out with >> 0.0.0.0 but on rebinds it binds to an actual ipnr. >> >> If the idea here is that we need to bind to either private/public IP, I >> can look into that. >> >> --WjW >> >> >> -------- Forwarded Message -------- >> Subject: [ceph-users] Inherent insecurity of OSD daemons when using only >> a "public network" >> Date: Fri, 13 Jan 2017 17:07:13 +0900 >> From: Christian Balzer <chibi@xxxxxxx> >> Organization: FusionGOL >> To: ceph-users <ceph-users@xxxxxxxxxxxxxx> >> >> >> Hello, >> >> Something I came across a while agao, but the recent discussion here >> jolted my memory. >> >> If you have a cluster configured with just a "public network" and that >> network being in RFC space like 10.0.0.0/8, you'd think you'd be "safe", >> wouldn't you? >> >> Alas you're not: >> --- >> root@ceph-01:~# netstat -atn |grep LIST |grep 68 >> tcp 0 0 0.0.0.0:6813 0.0.0.0:* >> LISTEN tcp 0 0 0.0.0.0:6814 0.0.0.0:* >> LISTEN tcp 0 0 10.0.0.11:6815 0.0.0.0:* >> LISTEN tcp 0 0 10.0.0.11:6800 >> 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:6801 >> 0.0.0.0:* LISTEN tcp 0 0 >> 0.0.0.0:6802 0.0.0.0:* LISTEN etc.. >> --- >> >> Something that people most certainly would NOT expect to be the default >> behavior. >> >> Solution, define a complete redundant "cluster network" that's identical >> to the public one and voila: >> --- >> root@ceph-02:~# netstat -atn |grep LIST |grep 68 >> tcp 0 0 10.0.0.12:6816 0.0.0.0:* >> LISTEN tcp 0 0 10.0.0.12:6817 0.0.0.0:* >> LISTEN tcp 0 0 10.0.0.12:6818 0.0.0.0:* >> LISTEN etc. >> --- >> >> I'd call that a security bug, simply because any other daemon on the >> planet will bloody bind to the IP it's been told to in its respective >> configuration. >> >> The above is with Hammer, any version. >> >> Christian >> -- >> Christian Balzer Network/Systems Engineer >> chibi@xxxxxxx Global OnLine Japan/Rakuten Communications >> http://www.gol.com/ >> _______________________________________________ >> ceph-users mailing list >> ceph-users@xxxxxxxxxxxxxx >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> >> > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
