> I like the idea of checking the md5 matches before each boot, as it > mirrors the check we do after downloading from glance. Its possible > thats very unlikely to spot anything that shouldn't already be worried > about by something else. It may just be my love of symmetry that makes > me like that idea?
IMHO, checking this at boot after we've already checked it on download is not very useful. It supposes that the attacker was kind enough to visit our system before an instance was booted and not after. If I have rooted the system, it's far easier for me to show up after a bunch of instances are booted and modify the base images (or even better, the instance images themselves which are hard to validate from the host side). I would also point out that if I'm going to root a compute node, the first thing I'm going to do is disable the feature in nova-compute or in some other way cripple it so it can't do its thing. --Dan __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
