[mirror-admin] MirrorManager ACL is useless
Jan Kasprzak
kas at fi.muni.cz
Mon Nov 7 14:37:54 EST 2011
Hello,
has anybody actually looked at the mirrormanager ACL file
at https://admin.fedoraproject.org/mirrormanager/rsync_acl ?
I think it is pretty unusable as a list of Tier 2 mirrors
which can be allowed to access the pre-bitflip content.
It contains whatever the mirror owners decide to put into
mirrormanager: I can probably add something like
\n[hiddenmodule]\npath=/\nuid=root\ngid=root\nread only=no\n
there and get the full access to the whole file system of those
mirrors who are "brave enough" to include this list in their rsyncd.conf.
The input is not sanitized in any way. It contains empty lines,
several rsync:// urls, several /24 prefixes, a /15 prefix,
and two /8 prefixes.
Some time ago I wanted to use it for my pre-bitflip data module,
but after looking at it I have decided to maintain the list of
downstream Tier-2 mirrors for my site manually.
-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
--
More information about the Mirror-admin
mailing list