[Csync2] Public cluster -- Letting a pre-shared key escape
Andreas J. Koenig
andreas.koenig.gmwojprw at franz.ak.mind.de
Thu Apr 13 08:37:14 CEST 2006
Can this be made secure:

    group communityportal {
        host masterhost (slave1) (slave2) (slave3);
        key /home/ftp/pub/pre-shared-key-for-csync2.txt;
        ...
    }

I mean, I'm trying to understand the security implications of sharing
the key with the world when only one host is declared writer and all
other hosts are slaves. In the setup I have in mind I could never
trust any of the slaves to keep the key secret anyway, so I might just
publish it beforehand.

If a blackhat pretends to be the masterhost and tries to connect to
one of the slaves, it should fail due to the missing SSL handshake,
except for the first time, that is.

If one of the slaves is driven by a blackhat, it should not be able to
disturb the others because they won't let a slave tell them what to
do.

But there is a time window between the moment when a new slave
finishes the configuration of his csync2 setup and the moment the
master connects for the first time. This time window could be
exploited by an attacker by pretending to be the masterhost.

Is there a way to put the public key of the master into the database
to eliminate this time window?

Would this be the only measure needed to make such a public cluster
secure?

Thanks for your insights,
--
andreas
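
The time window described in this message, as an added example that is not part of the original post and is not csync2 code: a small model of a slave's per-peer certificate store, comparing acceptance of the first certificate seen for `masterhost` with a fingerprint installed out of band before any connection. `PeerPinStore`, its methods and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

class PeerPinStore:
    """Model of a slave's peer-certificate store (hypothetical, not csync2's schema)."""

    def __init__(self, allow_first_use: bool = True):
        self.allow_first_use = allow_first_use
        self.pins = {}  # peer name -> pinned fingerprint

    def preseed(self, peer: str, cert_der: bytes) -> None:
        """Install a pin obtained out of band, before any connection is accepted."""
        self.pins[peer] = fingerprint(cert_der)

    def check(self, peer: str, cert_der: bytes) -> str:
        """Return 'match', 'mismatch', 'pinned-on-first-use' or 'rejected-unknown'."""
        seen = fingerprint(cert_der)
        pinned = self.pins.get(peer)
        if pinned is None:
            if not self.allow_first_use:
                return "rejected-unknown"
            self.pins[peer] = seen  # the time window: whoever connects first is pinned
            return "pinned-on-first-use"
        return "match" if hmac.compare_digest(pinned, seen) else "mismatch"

# Constructed stand-ins for certificate bytes; real input would be DER certificates.
MASTER_CERT = b"constructed-master-certificate"
OTHER_CERT = b"constructed-other-certificate"

def first_contact_by_other(store: PeerPinStore):
    """Another party presents itself as 'masterhost' before the real master does."""
    return (store.check("masterhost", OTHER_CERT),
            store.check("masterhost", MASTER_CERT))

def demo():
    tofu = PeerPinStore()                          # empty store, first use accepted
    seeded = PeerPinStore(allow_first_use=False)   # pin installed before going online
    seeded.preseed("masterhost", MASTER_CERT)
    return first_contact_by_other(tofu), first_contact_by_other(seeded)

if __name__ == "__main__":
    print(demo())
```

In the first-use case the real master is the one that later fails the check, so a `mismatch` for `masterhost` on a freshly configured slave is the event worth alerting on.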