> Ceph runs on a dedicated hardware, there is nothing there except Ceph,
> and the ceph daemons have already all power on ceph's data.
> And there is no random-code execution allowed on this node.
>
> Thus, spectre & meltdown are meaningless for Ceph's node, and
> mitigations should be disabled
>
> Is this wrong?

In principle, I would say yes: this means if someone has half a foot between the door for whatever reason, you will have to assume they will be able to escalate to root.
Looking at meltdown and spectre is already a good indication of creativity in gaining (more) access.
So I would not assume people are unable to ever gain access to your network, or that the ceph/ssh/etc daemons have no bugs to exploit.

I would more phrase it as: is the performance decrease big enough that you are willing to risk running a less secure server?

The answer to that depends on a lot of things like:
- Performance impact of the patch
- Costs of extra hardware to mitigate performance impact
- Impact of a possible breach (e.g. GDPR fines or reputation damage can be extremely expensive)
- Who/what is allowed on your network
- How likely you are a hacker target
- How well will you sleep knowing there is a potential hole in security :)
- Etc.

Cheers,
Robert van Leeuwen

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
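Whichever way the trade-off above is decided, the decision should be made against what the kernel actually reports for the node rather than against the boot parameters someone remembers setting. The script below is an added example, not code from the thread or from the Ceph project: it reads the per-issue status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2, and others depending on kernel version), prints them, and returns non-zero if any entry reports itself as "Vulnerable", so it can feed a monitoring check across a Ceph cluster. The directory argument is there so the functions can be exercised against constructed sample files; the sample values in the comments are constructed to mirror the kernel's real output format.

```shell
#!/bin/sh
# Added example (not from the ceph-users thread): report the kernel's own view of
# CPU vulnerability mitigations on a Linux node. The kernel publishes one file per
# issue under /sys/devices/system/cpu/vulnerabilities/, with values such as
# "Not affected", "Mitigation: PTI" or "Vulnerable" (constructed sample values
# in the same format as the kernel's).

# Usage: mitigation_report [DIR]
# Prints "<issue>: <status>" for every file in DIR (default: the sysfs path).
# Returns 0 if every issue is mitigated or not affected, 1 if at least one
# issue reports itself as Vulnerable, 2 if the directory does not exist
# (very old kernel, or sysfs not mounted in this environment).
mitigation_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s: %s\n' "$(basename "$f")" "$status"
        case "$status" in
            Vulnerable*) rc=1 ;;   # no mitigation active for this issue
        esac
    done
    return "$rc"
}

# Usage: unmitigated_count [DIR]
# Prints the number of issues whose status starts with "Vulnerable"; a single
# integer is convenient as a metric for cluster-wide monitoring or alerting.
unmitigated_count() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Stand-alone run: report the live node and summarise the outcome.
if mitigation_report; then
    echo "all listed issues are mitigated or not affected"
else
    echo "WARNING: at least one issue is unmitigated, or the sysfs directory is missing"
fi
```

Running it on every OSD/MON host (for example from the same tooling that rolls out kernel parameters) turns the "should mitigations be disabled" decision into a recorded, auditable state per node; a host whose report unexpectedly shows "Vulnerable" entries after a kernel or microcode change is exactly the kind of drift the factors listed above are meant to weigh.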