[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
Clint Byrum
clint at fewbar.com
Fri Sep 21 23:44:10 UTC 2012
** Description changed:
This is a tracking bug for a dependency of the juju MIR (bug #912861).
+
+ In summary: The security of the ZooKeeper on node 0 is critical. Even
+ with full ACLs this pins all of the security of the local host onto one
+ set of credentials. Users do not need to access ZooKeeper at all. An
+ iptables rule must be added as a line of defense against privilege
+ escalation by requiring that only root owned processes be allowed to
+ access ZooKeeper.
** Changed in: juju (Ubuntu Precise)
Milestone: 0.7 => None
** Changed in: juju (Ubuntu Precise)
Status: In Progress => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to juju in Ubuntu.
https://bugs.launchpad.net/bugs/966577
Title:
add explicit egress 'owner' rule on non-bootstrapping nodes to require
root access to zookeeper
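
The egress rule the description calls for could look like the following on a non-bootstrapping node. This is an added example, not juju's implementation and not part of the original bug report; the ZooKeeper address 192.0.2.10 is a placeholder, 2181 is ZooKeeper's default client port, and the function name `zk_owner_rules` and the `ZK_HOST`, `ZK_PORT` and `APPLY` variables are hypothetical.

```shell
#!/bin/sh
# Added example: build iptables OUTPUT rules so that only root-owned (uid 0)
# processes on this node can open connections to ZooKeeper.
# Assumptions: 192.0.2.10 is a placeholder address (documentation range);
# 2181 is ZooKeeper's default client port.

ZK_HOST="${ZK_HOST:-192.0.2.10}"
ZK_PORT="${ZK_PORT:-2181}"

# Print the rule set, one iptables command per line.
# Order matters: the root ACCEPT must come before the catch-all REJECT.
zk_owner_rules() {
    host="$1"; port="$2"
    # Accept only an IPv4 address or CIDR, so nothing else reaches the shell.
    case "$host" in
        ''|*[!0-9./]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    match="-p tcp -d $host --dport $port"
    # The owner match is only valid for locally generated traffic
    # (OUTPUT/POSTROUTING), which is why this is an egress rule.
    echo "iptables -A OUTPUT $match -m owner --uid-owner 0 -j ACCEPT"
    # Record denied attempts before rejecting them.
    echo "iptables -A OUTPUT $match -j LOG --log-prefix zk-nonroot-denied:"
    echo "iptables -A OUTPUT $match -j REJECT --reject-with tcp-reset"
}

rules=$(zk_owner_rules "$ZK_HOST" "$ZK_PORT") || exit 1
if [ "${APPLY:-0}" = "1" ]; then
    # Install the rules; requires root. Stops at the first failure.
    echo "$rules" | sh -e
else
    # Default: dry run, print what would be installed.
    echo "$rules"
fi
```

Run as-is it only prints the rules; setting `APPLY=1` as root installs them.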