<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 7, 2013 at 9:08 AM, Clint Byrum <span dir="ltr"><<a href="mailto:clint@fewbar.com" target="_blank">clint@fewbar.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":48p" style="overflow:hidden">So what is needed is domain specific command execution and segregation<br>
of capabilities.</div></blockquote></div><br>To further this, I know that a lot of security minded people consider this types of agent sorts of backdoors. Having one generic "backdoor" that can do everything is something that could be less acceptable as you would not have the choice to pinpoint what you'd like to allow it to do, or then the constraints in terms of fine grained access control becomes huge. I did not realize this until I too spoke with Scott about this. Cloud-init, or any such generic tool, should only enable deployment domain specific tool, based on the specific needs of given use case, not become an agent (backdoor) itself.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">This said, I imagine we could get some benefits out of a generic framework/library that could be used create such agents in a manner where base authentication and access control is done properly. This would allow to simplify security analysis and impacts of agents developped using that framework, but the framework itself should never become a generic binary that is deploy everywhere by default and allow way too much in itself. Binary instances of agents written using the framework would be what could be eventually deployed via cloud-init on a case by case basis.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Wdyt?</div><div class="gmail_extra"><br></div><div class="gmail_extra">Nick</div><div class="gmail_extra"><br clear="all"><div><br></div>-- <br><div dir="ltr"><span style="font-family:courier new,monospace">Nicolas Barcet <<a href="mailto:nicolas@barcet.com" target="_blank">nicolas@barcet.com</a>><br>
a.k.a. nijaba, nick<br></span></div>
</div></div>