Re: pmwebd security (was Re: [RFC] dynamic container switching)

pcp

Re: pmwebd security (was Re: [RFC] dynamic container switching)

To:	"Frank Ch. Eigler" <fche@xxxxxxxxxx>
Subject:	Re: pmwebd security (was Re: [RFC] dynamic container switching)
From:	Nathan Scott <nathans@xxxxxxxxxx>
Date:	Tue, 10 Nov 2015 22:22:28 -0500 (EST)
Cc:	PCP <pcp@xxxxxxxxxxx>
Delivered-to:	pcp@xxxxxxxxxxx
In-reply-to:	<20151111023103.GA16615@xxxxxxxxxx>
References:	<1313883527.54143616.1444783810135.JavaMail.zimbra@xxxxxxxxxx> <20151027155234.GB9303@xxxxxxxxxx> <1185678657.63582036.1446001295613.JavaMail.zimbra@xxxxxxxxxx> <20151031022337.GC28852@xxxxxxxxxx> <1634759327.3957536.1446687727569.JavaMail.zimbra@xxxxxxxxxx> <20151106202554.GE2349@xxxxxxxxxx> <319465283.6999575.1447038990025.JavaMail.zimbra@xxxxxxxxxx> <20151111023103.GA16615@xxxxxxxxxx>
Reply-to:	Nathan Scott <nathans@xxxxxxxxxx>
Thread-index:	yK96xBaUpeuQ1X+RiGTjNIWxbMwixA==
Thread-topic:	pmwebd security (was Re: [RFC] dynamic container switching)


----- Original Message -----
> > [...] I'll make the needed pmwebd changes this week.
> 
> The local:* stuff should not be marked as deprecated nor
> be undocumented: that still has plenty of safe & appropriate use.

If pmwebd acquires some form of explicit ACL, maybe (where people
will still have to opt-in to exposing information) - until then no,
there's no point risking that unnecessarily.

> "pmcd now only hangs for a few seconds after a hostile client
> sends a few bytes of data instead of indefinitely" in code:

Yep, interesting, thanks - so not nearly as bad as those initial
arbitrarily broad "pmcd DoS" claims.

In normal operation pmcd can be delayed for such short times under
heavy local load anyway.  I don't think it's a realistic security
concern in the bigger picture of uses of the service that pmcd is
offering - but if its worrying you, please have at it.

cheers.

--
Nathan

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: pmwebd security (was Re: [RFC] dynamic container switching), Nathan Scott Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler Re: pmwebd security (was Re: [RFC] dynamic container switching), Nathan Scott Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler Re: pmwebd security (was Re: [RFC] dynamic container switching), Nathan Scott <= Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler

Previous by Date:	Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler
Next by Date:	Re: [pcp] Multi-Archive Contexts: Scaling and Consistency, Nathan Scott
Previous by Thread:	Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler
Next by Thread:	Re: pmwebd security (was Re: [RFC] dynamic container switching), Frank Ch. Eigler
Indexes:	[Date] [Thread] [Top] [All Lists]