Bug 783911 - RFE - create a "read-only" agent
Status: NEW
Product: RHQ Project
Classification: Other
Component: Agent
Version: 4.2
Hardware: Unspecified Unspecified
Priority: medium
Severity: unspecified
Assigned To: RHQ Project Maintainer
QA Contact: Mike Foley
Reported: 2012-01-23 03:35 EST by vlad crc
Modified: 2015-02-01 18:29 EST
Doc Type: Bug Fix
Description vlad crc 2012-01-23 03:35:24 EST
We propose to create the possibility to disable those parts of the agent which can make changes on the monitored platform. This is for preventing possible security issues.

See the discussion here:
https://community.jboss.org/message/647797#647797

Best regards,
Vlad Craciunoiu
Comment 1 Mike Foley 2012-01-23 11:17:22 EST
per scrum 1/23/2012 crouch, loleary, mfoley
Comment 2 Costel C 2012-03-01 09:42:13 EST
Hi, 

It seems a good idea to have a "read-only" agent.

The proposed solution (to disable the "write" features like Configuration and Provisioning and leave only "read" features like Monitoring) still has an issue: malicious code can be embedded in the monitoring part of the plugins. 

An idea would be to sign the plugin JAR. The agent will check the signature every time a plugin update is performed. The signature will guarantee that the plugins come only from a trusted source.

What do you think about this idea?

Regards,
Costel
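
One way the agent-side signature check proposed in comment 2 could look, as an added example (not RHQ code and not written by the commenters). It assumes plugins are signed with jarsigner and that the agent holds the signer's certificate, delivered out of band; the class PluginJarVerifier and its methods are hypothetical.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.*;
import java.util.jar.*;

// Hypothetical class for illustration; not part of the RHQ agent code base.
public final class PluginJarVerifier {
    // Throws SecurityException unless every content entry is signed by a pinned certificate.
    public static void verify(File pluginJar, Set<Certificate> pinned) throws IOException {
        try (JarFile jar = new JarFile(pluginJar, true)) {   // true = verify signatures
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureMetadata(entry.getName())) continue;
                // Digests are checked only while an entry is read; a modified entry throws here.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain to the end */ }
                }
                // Valid only after the full read; null means unsigned (e.g. an appended class).
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || !signedByPinned(signers, pinned)) {
                    throw new SecurityException("unsigned or untrusted entry: " + entry.getName());
                }
            }
        }
    }
    private static boolean signedByPinned(CodeSigner[] signers, Set<Certificate> pinned) {
        for (CodeSigner s : signers) {
            // The first certificate in the path is the signer's own certificate.
            if (pinned.contains(s.getSignerCertPath().getCertificates().get(0))) return true;
        }
        return false;
    }
    // The manifest and the signature files are not themselves signed entries.
    private static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }
    // Usage: java PluginJarVerifier <plugin.jar> <trusted-signer.cer>
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[1])) {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            verify(new File(args[0]), Collections.singleton(cert));
            System.out.println("signature OK: " + args[0]);
        }
    }
}
```

Pinning the signer certificate does not check expiry or revocation, so replacing a compromised signing key means distributing a new certificate to the agents.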
