Well, if a stranger has access to my whole Ceph data (thus, all my VMs
& rgw's data), I don't mind if he gets root access too :)
On 01/12/2018 10:18 AM, Van Leeuwen, Robert wrote:
Ceph runs on dedicated hardware, there is nothing there except Ceph,
and the ceph daemons already have all power over ceph's data.
And there is no random-code execution allowed on this node.
Thus, spectre & meltdown are meaningless for Ceph's node, and
mitigations should be disabled.
Is this wrong?
In principle, I would say yes:
This means if someone has half a foot in the door for whatever reason, you will have to assume they will be able to escalate to root.
Looking at meltdown and spectre is already a good indication of creativity in gaining (more) access.
So I would not assume people are unable to ever gain access to your network or that the ceph/ssh/etc daemons have no bugs to exploit.
I would phrase it more as:
Is the performance decrease big enough that you are willing to risk running a less secure server?
The answer to that depends on a lot of things like:
- Performance impact of the patch
- Costs of extra hardware to mitigate performance impact
- Impact of possible breach (e.g. GDPR fines or reputation damage can be extremely expensive)
- Who/what is allowed on your network
- How likely you are a hacker target
- How well you will sleep knowing there is a potential hole in security :)
- Etc.
Cheers,
Robert van Leeuwen
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com