walinuxagent and out-of-archive code updates
Steve Langasek
steve.langasek at canonical.com
Tue Mar 14 18:56:15 UTC 2017
A vote was taken at today's tech board meeting, ratifying an exception for
walinuxagent to do out-of-archive updates:
http://ubottu.com/meetingology/logs/ubuntu-meeting-2/2017/ubuntu-meeting-2.2017-03-14-17.01.html
This is of course still open for feedback from members of the TB who were
not in attendance at today's meeting.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
On Tue, Mar 14, 2017 at 10:01:02AM -0700, Steve Langasek wrote:
> Dear Technical Board,
>
> I wish to make you aware of a technical decision taken by the Ubuntu
> Foundations team concerning a package in the archive. I believe the
> decision is technically sound and will stand up to scrutiny, but due to the
> sensitivity and possible precedent-setting involved, I want us to be
> completely transparent with the community about what is being done and why.
>
> The walinuxagent package in Ubuntu is an agent for the Microsoft Azure
> cloud, communicating with the cloud substrate and allowing management of
> various aspects of the guest through the cloud's dashboard / management
> interface.
>
> The Microsoft Azure team has requested that the package in Ubuntu enable a
> feature, currently disabled via config setting, that allows the agent to
> pull down code from a trusted cloud-local endpoint and deploy it on the
> running system. This is desirable for two reasons:
>
> - it ensures that the agent on the guest remains up-to-date and compatible
> with the cloud substrate, even on long-running instances whose
> administrators are not applying package updates on a regular basis
> - it enables various optional modules which are part of the Azure platform
> but are not distributed with the walinuxagent package, they are only
> available from the walinuxagent endpoint.
>
> Obviously we have good reason for a policy that third-party repositories and
> code update mechanisms are not allowed for Ubuntu at large. In this case, I
> believe it's acceptable because:
>
> - in a cloud, this is not the first place in which arbitrary code can be
> fed into the instance from outside; cloud-init also does the same thing
> in a more general form
> - this is a cloud-local endpoint; we know from the architecture of Azure
> that this endpoint is controlled by the same party as the virtualization
> environment itself (i.e. Microsoft), so there is no concern that trusting
> this endpoint expands the set of targets for an attacker
> - the walinuxagent uses several methods to detect that it's running on the
> correct cloud substrate (specially-formed DHCP responses;
> locally-attached storage) which ensure that accidentally installing and
> attempting to run this agent on a non-Azure Ubuntu machine will be a
> no-op.
>
> If you have any questions about this implementation, please ask.
>
> Thanks,
> --
> Steve Langasek Give me a lever long enough and a Free OS
> Debian Developer to set it on, and I can move the world.
> Ubuntu Developer http://www.debian.org/
> slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20170314/72501578/attachment.pgp>
More information about the technical-board
mailing list