Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

To: debian-project@lists.debian.org
Subject: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
From: Peter Palfrader <weasel@debian.org>
Date: Sat, 30 Aug 2008 17:46:16 +0200
Message-id: <[🔎] 20080830154616.GE9633@anguilla.noreply.org>
Mail-followup-to: Peter Palfrader <weasel@debian.org>, debian-project@lists.debian.org
In-reply-to: <[🔎] 20080830131601.GA13250@wavehammer.waldi.eu.org>
References: <20080827120031.GA32039@intrepid.palfrader.org> <20080828071223.GC7061@dario.dodds.net> <20080828193141.GK9633@anguilla.noreply.org> <[🔎] 20080830123208.GD9633@anguilla.noreply.org> <[🔎] 20080830131601.GA13250@wavehammer.waldi.eu.org>

[Trimming lists]

On Sat, 30 Aug 2008, Bastian Blank wrote:

> On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> > - install sendfile/saft on all machines so you can do
> >     sendfile foo.tar.gz weasel@merkel
> > 
> >   The crypto stuff could be alleviated by using ipsec between all our
> >   servers.  But that works even less well than you'd expect.
> 
> The machines needs to check DNSSEC or the names can be spoofed which
> makes ipsec mood.

Or you use only resolvers that you have a trusted (i.e. ipsec)
connection to and those need to have a complete axfr'ed zone.

As hinted in the original email, I don't think ipsec (or stunnel) are
useful solutions to help us make sendfile suck less.

> > - setup afs
> > 
> >   pros: + AFS is cool
> 
> Yeah. You can make read-only snapshots for backup purposes.

Probably not useful for a transfer share.  But if it ever grows beyond
that that might be useful.

> >         - AFS suffers from the not-a-filesystem syndrome: file access
> >           control is not unix-like and will confuse users.
> 
> Also other parts are not really POSIX-like. Hardlinks or so.

Direct consequence of its permission model I'd assume.

> > What other options did we forget?
> 
> - Setup Kerberos, allow it as an additional ssh login variant

Circumvents the entire idea behind this exercise:  Assuming an attacker
already has control over one host we want to make it as hard as possible
for them to jump to other hosts.

-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to:

Follow-Ups:
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Bastian Blank <waldi@debian.org>
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Steve Langasek <vorlon@debian.org>

References:
- transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Peter Palfrader <weasel@debian.org>
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Next by Date: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Previous by thread: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Next by thread: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Index(es):
- Date
- Thread