From: Mark Wielaard <mark@klomp.org>
To: "Frank Ch. Eigler" <fche@redhat.com>
Cc: elfutils-devel@sourceware.org, amerey@redhat.com
Subject: Re: patch 5 debuginfod: prometheus metrics
Date: Tue, 19 Nov 2019 16:13:00 -0000 [thread overview]
Message-ID: <c15a31e224a51372b8dde38253b0449b64ab1f51.camel@klomp.org> (raw)
In-Reply-To: <20191118164750.GB2880@redhat.com>
Hi,
On Mon, 2019-11-18 at 11:47 -0500, Frank Ch. Eigler wrote:
> > > > > +control. The \fI/metrics\fP webapi endpoint is probably not
> > > > > +appropriate for disclosure to the public.
> > > >
> > > > So, should there be an option to turn it off?
> > >
> > > IMHO not necessary. The security section already advises against
> > > exposing an unprotected debuginfod server to the public. A
> > > front-end
> > > reverse-proxy would easily filter requests to /metrics.
> >
> > I think defense in depth is not a bad thing.
> > You already have local users to which it is exposed.
>
> Local users can already run "ps awux" to see the same semi-sensitive
> command line arguments.
I am not sure the existence of other side channel information leaks is
reason to just allow more. Also there are system setups where you
cannot see command line arguments through ps awux for processes that
aren't yours (mount procfs with hidepid=1).
I do see it is less information that I thought though. It really is
just the directories given and the number of things found in them.
I still would like an option to turn the metrics off, but I don't think
it needs to be on by default since the information exposed doesn't seem
to really be that sensitive. So lets just mark this as future wishlist.
Cheers,
Mark
next prev parent reply other threads:[~2019-11-19 16:13 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 19:04 patch 0/2 debuginfod submission Frank Ch. Eigler
2019-10-28 19:06 ` patch 1/2 debuginfod client Frank Ch. Eigler
2019-10-28 19:09 ` patch 2/2 debuginfod server etc Frank Ch. Eigler
2019-11-04 21:48 ` patch 3/3 debuginfod client interruptability Frank Ch. Eigler
2019-11-07 9:07 ` patch 4 debuginfod: symlink following mode Frank Ch. Eigler
2019-11-07 9:08 ` patch 5 debuginfod: prometheus metrics Frank Ch. Eigler
2019-11-15 17:26 ` Mark Wielaard
2019-11-15 17:58 ` Frank Ch. Eigler
2019-11-18 16:20 ` Mark Wielaard
2019-11-18 16:48 ` Frank Ch. Eigler
2019-11-19 16:13 ` Mark Wielaard [this message]
2019-11-15 16:49 ` patch 4 debuginfod: symlink following mode Mark Wielaard
2019-11-15 18:31 ` Frank Ch. Eigler
2019-11-18 16:27 ` Mark Wielaard
2019-11-15 16:16 ` patch 3/3 debuginfod client interruptability Mark Wielaard
2019-11-15 17:03 ` Aaron Merey
2019-11-15 17:35 ` Mark Wielaard
2019-11-15 18:14 ` Pedro Alves
2019-11-17 23:44 ` Mark Wielaard
2019-11-18 2:50 ` Frank Ch. Eigler
2019-11-18 9:24 ` Pedro Alves
2019-11-19 12:58 ` Mark Wielaard
2019-11-13 17:22 ` patch 2/2 debuginfod server etc Mark Wielaard
2019-11-14 11:54 ` Frank Ch. Eigler
2019-11-16 1:31 ` Mark Wielaard
2019-11-13 23:19 ` Mark Wielaard
2019-11-14 12:30 ` Frank Ch. Eigler
2019-11-18 14:17 ` Mark Wielaard
2019-11-18 18:41 ` Frank Ch. Eigler
2019-11-19 15:41 ` Mark Wielaard
2019-11-19 16:13 ` Frank Ch. Eigler
2019-11-19 20:11 ` Mark Wielaard
2019-11-19 21:15 ` Frank Ch. Eigler
2019-11-20 11:53 ` Mark Wielaard
2019-11-20 12:29 ` Frank Ch. Eigler
2019-11-21 14:16 ` Mark Wielaard
2019-11-21 15:40 ` Mark Wielaard
2019-11-21 16:01 ` Frank Ch. Eigler
2019-11-21 15:58 ` Frank Ch. Eigler
2019-11-21 16:37 ` Mark Wielaard
2019-11-21 17:18 ` Frank Ch. Eigler
2019-11-21 20:42 ` Mark Wielaard
2019-11-22 12:08 ` Mark Wielaard
2019-11-14 20:45 ` Mark Wielaard
2019-11-15 11:03 ` Mark Wielaard
2019-11-15 21:00 ` Frank Ch. Eigler
2019-11-18 15:01 ` Mark Wielaard
2019-11-15 14:40 ` Mark Wielaard
2019-11-15 19:54 ` Frank Ch. Eigler
2019-11-18 15:31 ` Mark Wielaard
2019-11-18 15:49 ` Frank Ch. Eigler
2019-11-12 11:12 ` patch 1/2 debuginfod client Mark Wielaard
2019-11-12 15:14 ` Frank Ch. Eigler
2019-11-12 21:59 ` Mark Wielaard
2019-11-14 0:33 ` Frank Ch. Eigler
2019-11-15 21:33 ` Mark Wielaard
2019-11-12 21:25 ` Mark Wielaard
2019-11-13 23:25 ` Frank Ch. Eigler
2019-11-16 0:46 ` Mark Wielaard
2019-11-16 18:53 ` Frank Ch. Eigler
2019-11-18 17:17 ` Mark Wielaard
2019-11-18 20:33 ` Frank Ch. Eigler
2019-11-19 15:57 ` Mark Wielaard
2019-11-19 16:20 ` Frank Ch. Eigler
2019-11-19 20:16 ` Mark Wielaard
2019-11-19 21:22 ` Frank Ch. Eigler
2019-11-20 12:50 ` Mark Wielaard
2019-11-20 13:30 ` Frank Ch. Eigler
2019-11-21 14:02 ` Mark Wielaard
2019-11-13 13:57 ` Mark Wielaard
2019-11-14 11:24 ` Frank Ch. Eigler
2019-11-16 0:52 ` Mark Wielaard
2019-11-16 2:28 ` Frank Ch. Eigler
2019-10-30 11:04 ` patch 0/2 debuginfod submission Mark Wielaard
2019-10-30 13:40 ` Frank Ch. Eigler
2019-10-30 14:12 ` Mark Wielaard
2019-10-30 18:11 ` Frank Ch. Eigler
2019-10-31 11:18 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c15a31e224a51372b8dde38253b0449b64ab1f51.camel@klomp.org \
--to=mark@klomp.org \
--cc=amerey@redhat.com \
--cc=elfutils-devel@sourceware.org \
--cc=fche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).