[Linux-cluster] Security in CMAN

guanxun mu lyxmoo at gmail.com
Sun Dec 11 17:15:31 UTC 2005

IMO, there're lack security check in cman join/leave mechanism, that's means
a aborative udp packet made the cluster untrusted, if there's a manageable
authorization password input through proc entries, the wrong configured node
or the cracker without the cluster-extension authorized word will not bother
the cluster message passing. a simple memcmp calling in the beginning of
process_message will out sight of load.

sincerely Michael Moore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20051212/5aaf348f/attachment.htm>

More information about the Linux-cluster mailing list