[Ffmpeg-devel] Re: [MPlayer-dev-eng] mphq2 - admins wanted

Rich Felker dalias
Mon Sep 5 11:19:02 CEST 2005

On Mon, Sep 05, 2005 at 09:23:16AM +0200, Attila Kinali wrote:
> On Sat, 3 Sep 2005 18:52:23 -0400
> Rich Felker <dalias at aerifal.cx> wrote:
> > I'd like to comment, that what we're looking for now is the people to
> > have root accounts on mphq. IMO this requires some deep knowledge,
> > since there will hopefully be several chroot/qemu/usermode linux
> > virtual environments inside the main server isolating everything to
> > make a compromise basically impossible in principle and also make the
> > effect of any possible compromise negligible.
> Actualy, no. The first thing the newly formed team has
> to decide on, is how the machine should be installed.
> Vritual servers are one possibility that has been discussed,
> but it is up to the team to decide.

Well if this isn't decided yet, I'd like to nominate myself at least
for the paranoia part of the admin team. Whether I have actual access
permissions is irrelevant, but I'd like to be involved in overseeing
security policy.

> Anyways, any concidered solution has to fullfill 3 criteria:
> * Secure enough so any break in is unlikely

IMO this is not sufficient. The minimal condition is: secure enough
that compromise of a non-root account cannot result in changes to cvs
repository or content served by the webserver without such changes
being immediately visible to the entire devel team, and secure enough
that no root compromise can go unnoticed. Preferred condition is: all
root compromise impossible without successfully guessing root
password. The latter should be achievable with proper virtualization
and privilege isolation.

> * Does not restrict the regular users too much

Is preventing mphq from being used for p2p filesharing/teeniepr0n/...
too restrictive? ;)

> * Can be handled by the admin team

Yes. This is why I think our selection of admin team needs to be a
little bit.. selective.


More information about the ffmpeg-devel mailing list