https://bugzilla.redhat.com/show_bug.cgi?id=1498151
Bug ID: 1498151 Summary: Move download server and salt-master to the community cage Product: GlusterFS Version: mainline Component: project-infrastructure Assignee: b...@gluster.org Reporter: msche...@redhat.com CC: b...@gluster.org, gluster-infra@gluster.org Description of problem: Today, yet another rowhammer style attack paper went out, explaining https://arxiv.org/pdf/1710.00551.pdf (there is a link to the various papers) While this is not a new attack, and I guess a rather complex one to mount, we should mitigate the risk by moving the download server and the ansible deployment in the cage. I heard about people using rowhammer to flip some bits to bypass pam verification (no paper or conference have been published yet afaik, so i wasn't able to evaluate the praticality). While rackspace is using ECC (or so do I hope, that's what lshw report) and that's mitigating the attack to be a denial of service only, I would sleep better at night if we moved the 2 servers out of rackspace and in the cage in case improvements to the attack do get published. The rest of the VM are not as critical as theses 2, even if the freeipa server should also be moved. I am already in the process of moving salt-master since some weeks, I just need to finish the move. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6V0YhcyGzn&a=cc_unsubscribe _______________________________________________ Gluster-infra mailing list Gluster-infra@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-infra