I can't figure out how this would cause issues except via extreme side-channels for negligible data. The monitor freely advertises the FSID when you poke at it, so anybody who has access to a network can find it trivially. So all we're really looking at is if there's some way to correlate publicly-accessible data that includes an FSID but is otherwise considered private. And telemetry would be the way to do that. What sort of use case are you thinking of? That would let us try and come up with more informed attacks on it. :) -Greg On Wed, Mar 2, 2022 at 9:05 AM Blaine Gardner <brgardne@xxxxxxxxxx> wrote: > > Hi all, > > Is the FSID of a Ceph cluster considered sensitive information? With the FSID of a cluster, could someone do anything nefarious that they otherwise might not be able to? > > For example, someone guessed that one could possibly correlate non-public telemetry data to a specific cluster, but it was confirmed that telemetry cluster id is a randomly generated uuid which is not related to the cluster's FSID. > > Thanks, > Blaine > _______________________________________________ > Dev mailing list -- dev@xxxxxxx > To unsubscribe send an email to dev-leave@xxxxxxx _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx
