At 10:38 PM 1/22/2003 -0500, Sean Dague wrote:
Maybe not- and if not everyone agrees after reading the points I mentioned, then I'm quite confident I can go into more depth and make it very clear on the phone call exactly why it's worth it. We needn't split hairs over this one... all we're talking about is having tftpd on, just like we already do in any cluster that is PXE installed. (Granted, some are floppy installed)On Wed, Jan 22, 2003 at 04:16:33PM -0600, Jeremy Enos wrote: > I considered that issue... and I think it's worth it.Um... not all will agree
Previously, I thought we should just turn tftpd off when exiting the wizard. I filed a bug myself about the security risk almost a year ago:
https://sourceforge.net/tracker/?func=detail&aid=529709&group_id=9368&atid=109368
I'd still be saying that, if it weren't for the killer feature of serverside boot control that can be gained by this. So instead, I look at ways to secure it. As I mentioned before, it's no risk at all with pfilter, and the few cases that can't use pfilter can rely on tcp_wrappers. All PXE installed oscar clusters to date are this configuration or less.
Let's make this an agenda item for the call next week.
Jeremy
> It leaves us no less
> secure than on any PXE installed cluster anyway.
Not all clusters are PXE installed.
-Sean
--
_______________________________________________________________________
Sean Dague [EMAIL PROTECTED] http://dague.net
There is no silver bullet. Plus, werewolves make better neighbors than
zombies, and they tend to keep the vampire population down.
_______________________________________________________________________
------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Oscar-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/oscar-devel
