On Wed, May 4, 2011 at 4:36 PM, Lars Ellenberg <lars.ellenb...@linbit.com> wrote: > Services running under Pacemaker control are probably "critical", > so a malicious person with even only "stop" access on the CIB > can do a DoS. I guess we have to assume people with any write access > at all to the CIB are "trusted", and not malicious.
Exactly. If the cluster (or access to it) has been compromised, you're in for so much pain that a symlink RA is the least of your problems. A generic cluster manager is, by design, a way to run arbitrary scripts as root - there's no coming back from there. _______________________________________________________ Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
