Re: [Gluster-users] User-serviceable snapshots design

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






On Thu, May 8, 2014 at 12:20 PM, Jeff Darcy <jdarcy@xxxxxxxxxx> wrote:
> They were: a) snap view generation requires privileged ops to
> glusterd. So moving this task to the server side solves a lot of those
> challenges.

Not really.  A server-side component issuing privileged requests
whenever a client asks it to is no more secure than a client-side
component issuing them directly.

client cannot ask the server side component to do any privileged requests on its behalf. If it has the right to connect to the volume, then it can issue a readdir() request and get served with whatever is served to it. If it presents an unknown filehandle, snap-view-server returns ESTALE.
 
 There needs to be some sort of
authentication and authorization at the glusterd level (the only place
these all converge).  This is a more general problem that we've had with
glusterd for a long time.  If security is a sincere concern for USS,
shouldn't we address it by trying to move the general solution forward?

The goal was to not make the security problem harder or worse. With this design the privileged operation is still contained within the server side. If clients were to issue RPCs to glusterd (to get list of snaps, their volfiles etc.), it would have been a challenge for the general glusterd security problem.

_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://supercolony.gluster.org/mailman/listinfo/gluster-devel

[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux