[Beowulf] anyone using SALT on your clusters?

Christopher Samuel samuel at unimelb.edu.au
Sun Jun 30 20:37:01 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25/06/13 22:27, Eugen Leitl wrote:

> A Taste of Salt: Like Puppet, Except It Doesn’t Suck

Except that their crypto does..

http://docs.saltstack.com/topics/releases/0.15.1.html#rsa-key-generation-fault

CVE-2013-2228.

https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc

# tarcieri commented on 5dd3042
#
#  I think the larger question here is: why aren't you using TLS?
#
# I will warn you in advance that "because we're using ZeroMQ" is
# a silly answer. This is at least the third vulnerability that has
# been found in your homebrew transport encryption, after the lack
# of a MAC and a timing attack. I hope you now realize that
# homebrewing your own transport encryption is a bad idea and you
# should seriously consider switching to TLS at this point to avoid
# future attacks.


- -- 
 Christopher Samuel        Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
 http://www.vlsci.org.au/      http://twitter.com/vlsci

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHQ+V0ACgkQO2KABBYQAh9zjgCfTblwfHPeQAMhJqS3OL6VvrYB
LBgAni/QbwABsv5czXK9kOq1wPzwaBsp
=wNaE
-----END PGP SIGNATURE-----


More information about the Beowulf mailing list