On Wed, 20 Jan 2016 at 11:09 Klaus Aehlig <[email protected]> wrote:

> On Tue, Jan 19, 2016 at 04:15:01PM +0100, 'Helga Velroyen' via
> ganeti-devel wrote:
> > There is a bug in the current implementation of
> > backend.RenewCrypto. Before re-generating keys, it checks
> > if the current key of each node is in the Ganeti public key
> > file. This was intended as a security feature, but actually
> > does not work like that. The Ganeti public key file does
> > only contain the keys of the potential master candidates.
> > In case of a key-renewal, all nodes' keys are renewed and
> > that includes the normal nodes (which are not potential
> > master candidates). This patch removes these checks to
> > make sure renewal does not fail if a cluster contains
> > normal nodes.
> >
> > Note: since potential master candidates are not fully
> > implemented yet, this did not show up on actual clusters.
> > The unit test which is implemented in a later patch of
> > this series revealed this flaw.
> >
> I'm a bit confused by this patch. You say, you're removing
> a check that was added for security reasons. Doesn't this require
> an update of the design and a discussion of how this affects
> the invariants the security model is built on?
>
The design doc does not cover renew-crypto in the detail that would describe this aspect. Hence there is no need to correct it. When I implemented it, I thought it was a good idea, but apparently I did not think it through well enough and hence this correction is necessary. As it was just an additional security measure, I think it is okay to leave this out. The sub-functions for adding/removing keys are unchanged and their security measures are described in the doc and are still working and valid.

Cheers,
Helga

>
> Thanks,
> Klaus
>
> --
> Klaus Aehlig
> Google Germany GmbH, Dienerstr. 12, 80331 Muenchen
> Court of registration and number: Hamburg, HRB 86891
> Registered office: Hamburg
> Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
>

--
Helga Velroyen
Software Engineer
[email protected]

Google Germany GmbH
Erika-Mann-Strasse 33
80636 München

Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
Court of registration and number: Hamburg, HRB 86891
Registered office: Hamburg
