[ET Trac] [Einstein Toolkit] #605: Simfactory does not find the right 'path' for symlinked cactus directories

Einstein Toolkit trac-noreply at einsteintoolkit.org
Tue Aug 13 07:13:42 CDT 2013


#605: Simfactory does not find the right 'path' for symlinked cactus directories
-------------------------+--------------------------------------------------
  Reporter:  knarf       |       Owner:  eschnett           
      Type:  defect      |      Status:  review             
  Priority:  minor       |   Milestone:                     
 Component:  SimFactory  |     Version:  development version
Resolution:              |    Keywords:                     
-------------------------+--------------------------------------------------

Comment (by hinder):

 If you have a private key on machine A, and log in to machine B with
 agent-forwarding, so that you can then log in to machine C from B, then
 you give machine B the ability to authenticate using your private key to
 any other system.  If machine B is compromised, this is a security
 vulnerability which is worse than logging into machine C directly.  Note
 that your key itself is not compromised, as the key never leaves machine
 A.  But the agent on machine A can be instructed by machine B to
 authenticate data using your private key on machine A for the duration of
 your session on A.  This is why agent-forwarding to machines where you do
 not 100% trust root (or that root has been compromised) has a higher risk.
 I do it anyway, but only when I need to; i.e. I don't have agent-
 forwarding on by default, I use "-A' when I am going to need it.

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/605#comment:24>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit


More information about the Trac mailing list