[2412] in Release_7.7_team
Minutes of 2000-08-340 release-team meeting
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 30 14:36:45 2000
Date: Wed, 30 Aug 2000 14:36:38 -0400 (EDT)
Message-Id: <200008301836.OAA11812@small-gods.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@MIT.EDU
Attending: ghudson rbasch amb zacheiss wdc jweiss aurora
1. Ampliciation attack
Matt Power pointed out an amplification attack involving a
chargen/named loop. Since MIT routers do no ingress filtering, we are
vulnerable to this attack from anywhere on the net. Possible
countermeasures to variations n this attack include:
A. Disable chargen, echo UDP services - YES
B. Get Disable chargen, echo TCP services - YES
C. Convince BIND to only listen to local requests - NO
D. Make busyd reject packets from certain ports - YES
E. Make named reject packets from certain ports - MAYBE
(b) was slightly controversial because TCP services can't normally be
convinced to create a loop. But the services were considered to be of
dubious use, and conservatism suggested we disable them by default.
2. MSA and Hesiod
Centrally administered Hesiod cluster information is required for
updates. (cluster.local will work for patch releases, but not full
releases. We don't want to encourage cluster.local anyway, since we
like to be able to find Athena machines which will take updates.)
Previously we had planned to make the install instructions say "please
visit this web page and tell us about your machine." Instead, we plan
to make them say, "YOU WILL NOT GET UPDATES AND SECURITY FIXES unless
you visit this web page and register your machine for hesiod cluster
information," and the web page will generate a hesreq request.
(Note: currently you can't even install an IRIX machine without Hesiod
cluster information unless you do a custom install. But we don't anticipate
many user installs of IRIX machines.)
3. SIPB installer for Linux
SIPB's installer uses a different model - a hacked up Red Hat
installer. It is targeted at users instead of cluster services, and
correspondingly has more options and a friendlier interface, but takes
more time. Currently, it supports more varied hardware than we do,
and can create a dual-boot install. Also, you'll never accidentally
scribble over your entire disk with this install, whereas the cluster
install is pretty much required to do so by default.
We probably don't want to take over support for this product, since
the Red Hat installer is a mess of python code. When it is working,
as long as it creates something suitably identical to an IS-installed
machine, we should feel free to point people at it as an alternative
installation process; however, since we won't fix problems with it, we
shouldn't rely on it for any of our supported offerings.
We might want to consider making a post-installation Athenization
script which turns a stock Red Hat machine into an MSA machine. Such
a script might or might not force the user to sync the list of RPMs
with our list.
4. Linux tasks
Bill has a prioritization scheme for tasks involving a formula based
on importance, urgency, and ease of implementation. He requests that
people in his team use this prioritization scheme for new work.
SCSI root disk support and i386/i586 support during updates is done as
of 8.4.11. Our install still won't work for SCSI or i386/i586
machines. [Post-meeting note: the install and update also won't work
quite right for SMP machines, although the failure modes aren't
terrible in either case.]
We have made no progress on making the default video mode 1280x1024 at
install time. amb will look into this, and also at how to change
existing 1600x1200 machines to 1280x1024 in a future patch release.
Bill wants us to improve the behavior of our install on machines with
less powerful monitors than the cluster monitors. Greg will look into
this problem, but does not guarantee a solution.
The bootkit instructions currently refer to the wrong floppy image.
Garry will fix this.
5. Tasks required for MSA
We have made some small amount of progress, but Alex is still out of
town and no one has made any of the requisite web pages.
