[distcc] Security again
Martin Pool
mbp at samba.org
Tue Apr 6 01:36:18 GMT 2004
On 2 Apr 2004, Dan Kegel <dank at kegel.com> wrote:
> http://distcc.samba.org/security.html gives a good overview of
> distcc's security situation.
> Apple's Rendezvous patches, I believe, open up even more security holes.
>
> Kerberos is fairly widely deployed (at least by Active Directory).
> It is somewhat tempting to kerberize distcc to try to protect
> the distcc servers from being hacked by unauthorized users' input,
> and to ssl-enable distcc to try to protect authorized users' source
> code from prying eyes.
>
> It would be nice if we could secure distcc without slowing it down,
> as I believe ssh does.
Yes, SSH does slow it down. A certain amount of slowdown is probably
unavoidable compared to just blatting out bulk data over TCP, but it
need not be so large.
> To avoid the overhead of repeatedly starting up ssl/ssh connections
> and authenticating, it might be nice to cache connections for
> reuse.
Yes. I think key negotiation may also take several roundtrips.
However, optimizing this needs to be done quite carefully to avoid
introducing security holes.
> That'd mean having a resident connection daemon which either acts as
> a proxy, or just passes an already-open socket to the distcc client
> on request, and accepts it back from the client when it's done.
> I suspect this can't be done efficiently without cooperation
> from both distcc and distccd.
This is question zero: does it need cooperation, or can it just plug
in in place of ssh? What causes your suspicions?
--
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/distcc/attachments/20040406/45e3104d/attachment.bin
More information about the distcc
mailing list