[Csync2] Public cluster -- Letting a pre-shared key escape
Michael Mansour
mic at npgx.com.au
Sat Apr 15 00:43:00 CEST 2006
Hi,
> >>>>> On Thu, 13 Apr 2006 13:01:01 +0200, Clifford Wolf <clifford at clifford.at> said:
>
> > Hi,
> >> group communityportal {
> >> host masterhost (slave1) (slave2) (slave3);
> >> key /home/ftp/pub/pre-shared-key-for-csync2.txt
> >> ...
> >> }
> >>
> >> [..]
> >>
> >> But there is a time window between the moment when a new slave
> >> finishes the configuration of his csync2 setup and the moment the
> >> master connects for the first time. This time window could be
> >> exploited by an attacker by pretending to be the masterhost.
>
> > csync2 also checks the ip-address of incoming connection. When a host
> > connects it first identifies to the peer. so when in your example the
> > 'masterhost' connects to 'slave1', 'slave1' will lookup the ip-address
> > of 'masterhost' and return an "Identification failed!" error when the
> > ip-addresses do not match.
>
> My peers are run by hardboiled sysadmins, they might be unconvinced
> by this answer. A hostname lookup can be spoofed or otherwise undermined.
Just to add my 1 cent, spoofing is impossible if the hostnames are contained
in the /etc/hosts file (and nsswitch looks there first). Is this a problem to
have in your setup?
Michael.
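
Added example, not part of the original message and not csync2 code: a small audit of the setup discussed in this thread. It checks that every peer named in a csync2 `host` statement is listed in the hosts file and that `files` is the first `hosts:` source in nsswitch.conf. The function names and the sample inputs (documentation addresses from 192.0.2.0/24) are constructed for illustration, and only plain `host a (b);` statements are parsed.

```python
import re

# Constructed sample inputs; hostnames follow the config quoted in the thread.
SAMPLE_CFG = "group communityportal {\n  host masterhost (slave1) (slave2) (slave3);\n}\n"
SAMPLE_HOSTS = "192.0.2.10 masterhost\n192.0.2.11 slave1\n192.0.2.12 slave2  # slave3 missing\n"
SAMPLE_NSSWITCH = "hosts: dns files\n"

def csync2_hosts(cfg):
    """Peer names from every 'host ...;' statement; (name) marks a slave."""
    names = []
    for stmt in re.findall(r"^\s*host\s+([^;]+);", cfg, re.M):
        names += [n.strip("()") for n in stmt.split()]
    return names

def hosts_table(text):
    """Map each name or alias in hosts(5) text to the addresses listing it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name, set()).add(fields[0])
    return table

def hosts_sources(nsswitch):
    """Ordered sources on the 'hosts:' line, with [action] items dropped."""
    for line in nsswitch.splitlines():
        line = line.split("#", 1)[0]
        if line.strip().startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def audit(cfg, hosts, nsswitch):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    sources = hosts_sources(nsswitch)
    if sources[:1] != ["files"]:
        findings.append("nsswitch: 'files' is not the first hosts source: %s" % sources)
    table = hosts_table(hosts)
    for name in csync2_hosts(cfg):
        addrs = table.get(name, set())
        if not addrs:
            findings.append("%s: not in hosts file, lookup falls through to later sources" % name)
        elif len(addrs) > 1:
            findings.append("%s: listed under several addresses %s" % (name, sorted(addrs)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, SAMPLE_HOSTS, SAMPLE_NSSWITCH):
        print(finding)
```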