smoser | alexpilotti, is correct. 'dd if=/dev/zero' is better than 'rm $MOUNTPOINT/*' | 00:09 |
---|---|---|
alexpilotti | smoser: not sure what you meant :-) | 00:10 |
alexpilotti | smoser: in the meantime: libarchive compiled, looks promising | 00:11 |
smoser | alexpilotti, in your response to yjiang5 | 00:27 |
smoser | most certainly, vfat is better from a data security perspective | 00:27 |
smoser | than iso. | 00:27 |
alexpilotti | smoser: why? what’s the difference in wiping with dd a raw hdd containing iso vs vfat? | 00:27 |
smoser | as why would you 'rm *' when you can 'dd if=/dev/zero of=/dev/by-label/CONFIG_DRIVE' | 00:27 |
smoser | bah | 00:28 |
smoser | vfat is *no* better | 00:28 |
smoser | (that was an important word to miss :) | 00:28 |
smoser | ie, i agree with " well, you could wipe an ISO raw hdd as well" completely | 00:28 |
smoser | which is actually an argument against CDROM | 00:28 |
smoser | :) | 00:28 |
smoser | unless you were going to attach a cdrw | 00:29 |
alexpilotti | smoser: on that point, I agree | 00:29 |
alexpilotti | smoser: but, metadata are no secure means | 00:29 |
alexpilotti | so giving the message that you can secure a clear-text config drive just because your attacker is not fast enough is IMO absolutely wrong | 00:30 |
alexpilotti | especially if somebody pretends to put passwords in there | 00:30 |
alexpilotti | my 2c are that natural selection should take its toll in such cases ;-) | 00:31 |
alexpilotti | anyway, if your suggestion with libarchive works fine, my concerns for not using a raw hdd disappear | 00:32 |
alexpilotti | and we already agree on ISO, from what I got so far | 00:32 |
smoser | alexpilotti, your attacker does not have access to your system before you have config drive wiped. | 00:35 |
smoser | if he does, then all bets are off. | 00:35 |
smoser | ie, if he's rooted you before rc.local is run, you are completely SOL | 00:35 |
smoser | i think we can manage to secure things to that point :) | 00:36 |
alexpilotti | smoser: what about faulty heat templates for example? | 00:36 |
alexpilotti | beside that, we also don’t have that advantage on Windows | 00:37 |
smoser | you're suggesting that my system is rooted before it's booted. | 00:37 |
alexpilotti | while it boots | 00:38 |
alexpilotti | I guess you’re going to do something with those metadata :-) | 00:38 |
alexpilotti | true that you can wipe them off before starting any activity | 00:39 |
alexpilotti | this mitigates a bit more | 00:39 |
alexpilotti | this precludes anyway executing specific plugins at each boot | 00:40 |
alexpilotti | unless you plan to store the metadata somewhere, but then we’re at the starting point | 00:41 |
alexpilotti | you could use some symmetric encryption | 00:41 |
alexpilotti | not safe anyway | 00:41 |
smoser | alexpilotti, yeah, actually you're right. | 00:43 |
smoser | the attacker can't read /dev/sdb without root | 00:43 |
smoser | and once they have root, well, you lose | 00:44 |
alexpilotti | yep | 00:44 |
smoser | and if they had exploited you before you 'mount /dev/sdb /mnt' | 00:44 |
smoser | then you lose anyway | 00:44 |
smoser | so, yeah, you're right. | 00:44 |
alexpilotti | this thing of how to handle sensitive info in the metadata is quite hot | 00:44 |
alexpilotti | what we did for the passwords in Nova is IMO cool and could work in other scenarios | 00:45 |
alexpilotti | where the plugins generate some secret, encrypt it with the user’s SSH pub key and POST them to some metadata service | 00:46 |
alexpilotti | configdrive won’t be the case I guess | 00:47 |
alexpilotti | smoser pushed the code with bsdtar support, I owe you a beer :-) | 02:31 |
smoser | whoohoo. | 02:32 |
smoser | bsdtar as in actually that binary ? | 02:32 |
smoser | and not just using the library ? | 02:32 |
smoser | i figured you'd have to use the library | 02:32 |
smoser | but that's great | 02:32 |
smoser | hm.. | 02:35 |
=== harlowja is now known as harlowja_away | ||
praneshp | smoser: yt? | 03:42 |
praneshp | How can I run files in cloudinit/config individually? | 03:42 |
praneshp | http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/cloudinit/config/cc_apt_configure.py | 03:44 |
praneshp | for eg | 03:44 |
praneshp | is there a nice handler tool available or do I just have to work backwards and find the right args to pass?? | 03:44 |
=== harlowja_away is now known as harlowja | ||
harlowja | praneshp u all under control now i hope :) | 04:26 |
praneshp | yup | 04:27 |
=== harlowja is now known as harlowja_away | ||
=== zz_gondoi is now known as gondoi | ||
=== harlowja_away is now known as harlowja | ||
=== shardy is now known as shardy_afk | ||
alexpilotti | smoser: yep, it’s part of http://www.libarchive.org/ | 17:45 |
alexpilotti | by building it you get both the lib and the exe | 17:45 |
alexpilotti | so I just went with a simple “bsdtar -xf xxx -C xxx” | 17:46 |
alexpilotti | for once I avoided some crazy ctypes work | 17:46 |
=== yjiang5_away is now known as yjiang5 | ||
=== praneshp_ is now known as praneshp | ||
=== harlowja is now known as harlowja_away | ||
=== harlowja_away is now known as harlowja | ||
=== gondoi is now known as zz_gondoi | ||
=== zz_gondoi is now known as gondoi | ||
=== gondoi is now known as zz_gondoi |