[Openstack-security] eventlet_backdoor.py

Thomas Biege thomas at suse.de
Thu Feb 13 09:18:53 UTC 2014


On 10.02.14 18:26, Daniel P. Berrange wrote:
> On Mon, Feb 10, 2014 at 06:19:27PM +0100, Thomas Biege wrote:
>> On 10.02.2014 17:54, Daniel P. Berrange wrote:
>>> On Mon, Feb 10, 2014 at 05:42:08PM +0100, Thomas Biege wrote:
>>>> Hi, are there plans to rename the eventlet_backdoor.py module
>>>> used in the OpenStack code at various places?
>>>>
>>>> The naming is bad and creates the impression that a backdoor is
>>>> in OpenStack. In the current situation it might be an issue the 
>>>> press/blogs are waiting for.
>>>>
>>>> Even if renamed, the OpenStack documentation should make it very
>>>> clear what happens if the admin switches on this option.
>>>>
>>>> What do you think?
>>>
>>> NB if you enable this feature you basically *have* set up a backdoor
>>> into the app for anyone who can connect to the nominated TCP port.
>>> So in that sense this is actually accurately named and should serve
>>> to discourage any deployers from enabling it without considering
>>> the consequences.
>>
>> I am not sure that the name alone creates enough awareness. I also
>> fear that the feature gets switched on, the problem is debugged, and
>> then it will not be turned off again. Like ATMs that eject the money
>> first and then the debit card, which leads to the card being left in
>> the card reader slot because the customer has what he wants, the money.
>>
>> What about removing or restricting the feature?
> 
> FYI we have developed a new feature which is intended to replace
> some of the original use cases for the backdoor, in a saner
> manner:
> 
>   https://blueprints.launchpad.net/oslo/+spec/guru-meditation-report
> 
> This is a feature that will be enabled at all times. An admin merely
> has to send SIGUSR1 to the process to get it to dump all its interesting
> state to stderr for troubleshooting. I think this will be far more useful
> for production environments, and of course safer too since it isn't
> exposing an arbitrary python shell on an unauthenticated, unencrypted
> TCP port.

Yes, this feature looks really important, not only because it removes
the backdoor issue.

Best,
Thomas
> 
> Once guru meditation support is merged into all projects, personally
> I'd have no issue with killing the eventlet backdoor entirely. Others
> may disagree of course, but it is a conversation worth having IMHO.
> 
> Daniel
> 


-- 
Thomas Biege <thomas at suse.de>, Team Leader MaintenanceSecurity, CSSLP
SUSE LINUX Products GmbH
Managing Directors: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 21284 (AG Nürnberg)
--
  Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach
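
The mechanism Daniel describes above, a state dump triggered by SIGUSR1 and written to stderr instead of a shell listening on a TCP port, can be sketched as follows. This is an added example, not part of the original thread and not the oslo Guru Meditation Report code; the function names are hypothetical, and it assumes a POSIX system and ordinary threads rather than eventlet greenthreads.

```python
import signal
import sys
import threading
import traceback


def build_state_report():
    """Return a text report holding the current stack of every thread."""
    names = {t.ident: t.name for t in threading.enumerate()}
    lines = ["==== state report ===="]
    for ident, frame in sys._current_frames().items():
        lines.append("Thread %s (%s)" % (names.get(ident, "unknown"), ident))
        lines.extend(l.rstrip("\n") for l in traceback.format_stack(frame))
    return "\n".join(lines) + "\n"


def dump_state(signum=None, frame=None, stream=None):
    """Signal handler: output only. It reads no input and evaluates no code,
    so triggering it gives the sender a report, not a shell."""
    out = stream if stream is not None else sys.stderr
    out.write(build_state_report())
    out.flush()


def install(signum=signal.SIGUSR1):
    """Register the handler (main thread only). No socket is opened:
    only a local user allowed to signal the process can trigger a dump."""
    signal.signal(signum, dump_state)


if __name__ == "__main__":
    import os

    install()
    os.kill(os.getpid(), signal.SIGUSR1)  # same effect as `kill -USR1 <pid>`
```

The report still goes wherever stderr is redirected, so the log file that receives it needs the same access restrictions as the service's other logs.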
