Hi Wojciech,

Thanks for your attention to sysclone. Yes, you are right, this is a security hole.

When xCAT developed sysclone, we paid most attention to basic function.
Because few customers have tried this feature in their real business, it has low priority now.
We may refine this feature (including enhancing security) in the future, but it won't be very soon.

xCAT is open source software; if you can contribute to this feature, you are welcome. Thank you very much.

Best Regards!
--------------------------------------------------------------
Hu, Wei Hua (胡卫华)
IBM China System Technology Laboratory
Email: huwei...@cn.ibm.com
Tel: 86-10-82453253
Address: Building 28, ZhongGuanCun Software Park,
No.8, Dong Bei Wang West Road, Haidian District Beijing 100193, PRC

 
 
----- Original message -----
From: Wojciech Turek <woj...@gmail.com>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc:
Subject: [xcat-user] sysclone provisioning and security
Date: Thu, Oct 26, 2017 9:24 PM
 
It appears that when using the sysclone provisioning method, the rsyncd daemon started by systemimager on the xcat server is allowing any user with no password to connect and download any xcat sysclone image.
If the provisioning network is shared with the same network that users use to connect to nodes, that means that any user can download an xcat sysclone image. That is a potentially big security hole. Was sysclone intended to be used only on a secure provisioning network (not mentioned in the sysclone manual)? Would anyone recommend a way to restrict systemimager to not allow passwordless access from any user on the provisioning network?
 
--
Wojciech
 
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
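
One way to check a server for the exposure discussed in this thread, as an added example that is not from the thread, xCAT or systemimager: a Python audit that parses an rsyncd.conf and reports modules that lack rsync's `auth users` setting or a restrictive `hosts allow`. The sample configuration, its module names and its paths are constructed for illustration; the checks rely only on standard rsyncd.conf parameters.

```python
import re
# Constructed sample rsyncd.conf (not from a real xCAT or systemimager server).
SAMPLE_CONF = """\
# global section: values here are defaults for every module below
hosts allow = 10.1.0.0/16
[scripts]
    path = /srv/example/scripts
[compute_image]
    path = /srv/example/images/compute_image
    hosts allow = *
[golden_image]
    path = /srv/example/images/golden_image
    Auth Users = imager
    secrets file = /etc/example/rsyncd.secrets
"""

OPEN_HOSTS = {"*", "0.0.0.0/0", "::/0"}

def parse_rsyncd_conf(text):
    """Return {module: params}; global settings are inherited as defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
        elif "=" in line:
            key, value = line.split("=", 1)
            # rsyncd ignores case and whitespace inside parameter names
            key = re.sub(r"\s+", "", key).lower()
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return (module, finding) pairs for modules that are too widely readable."""
    findings = []
    for name, params in parse_rsyncd_conf(text).items():
        if not params.get("authusers"):
            findings.append((name, "no 'auth users': readable without a password"))
        hosts = set(re.split(r"[,\s]+", params.get("hostsallow", "")))
        if not params.get("hostsallow") or hosts & OPEN_HOSTS:
            findings.append((name, "'hosts allow' missing or matches every client"))
    return findings

if __name__ == "__main__":
    for module, finding in audit(SAMPLE_CONF):
        print(f"{module}: {finding}")
```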
