On Wed, 20 Jan 2016 at 11:09 Klaus Aehlig <[email protected]> wrote:

> On Tue, Jan 19, 2016 at 04:15:01PM +0100, 'Helga Velroyen' via
> ganeti-devel wrote:
> > There is a bug in the current implementation of
> > backend.RenewCrypto. Before re-generating keys, it checks
> > if the current key of each node is in the Ganeti public key
> > file. This was intended as a security feature, but actually
> > does not work like that. The Ganeti public key file does
> > only contain the keys of the potential master candidates.
> > In case of a key-renewal, all nodes' keys are renewed and
> > that includes the normal nodes (which are not potential
> > master candidates). This patch removes these checks to
> > make sure renewal does not fail if a cluster contains
> > normal nodes.
> >
> > Note: since potential master candidates are not fully
> > implemented yet, this did not show up on actual clusters.
> > The unit test which is implemented in a later patch of
> > this series revealed this flaw.
>
>
> I'm a bit confused by this patch. You say you're removing
> a check that was added for security reasons. Doesn't this require
> an update of the design and a discussion of how this affects
> the invariants the security model is built on?
>

The design doc does not cover renew-crypto in the detail that would
describe this aspect. Hence there is no need to correct it.

When I implemented it, I thought it was a good idea, but apparently I did
not think it through well enough and hence this correction is necessary.

As it was just an additional security measure, I think it is okay to leave
this out. The sub-functions for adding/removing keys are unchanged and
their security measures are described in the doc and are still working and
valid.

Cheers,
Helga




>
> Thanks,
> Klaus
>
> --
> Klaus Aehlig
> Google Germany GmbH, Dienerstr. 12, 80331 Muenchen
> Registration court and number: Hamburg, HRB 86891
> Registered office: Hamburg
> Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
>
-- 

Helga Velroyen
Software Engineer
[email protected]

Google Germany GmbH
Erika-Mann-Strasse 33
80636 München

Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg

This e-mail is confidential. If you are not the right addressee please do
not forward it, please inform the sender, and please erase this e-mail
including any attachments. Thanks.
