patch 5 debuginfod: prometheus metrics

Mark Wielaard
Tue Nov 19 16:13:00 GMT 2019


On Mon, 2019-11-18 at 11:47 -0500, Frank Ch. Eigler wrote:
> > > > > +control.  The \fI/metrics\fP webapi endpoint is probably not
> > > > > +appropriate for disclosure to the public.
> > > > 
> > > > So, should there be an option to turn it off?
> > > 
> > > IMHO not necessary.  The security section already advises against
> > > exposing an unprotected debuginfod server to the public.  A
> > > front-end
> > > reverse-proxy would easily filter requests to /metrics.
> > 
> > I think defense in depth is not a bad thing.
> > You already have local users to which it is exposed.
> Local users can already run "ps awux" to see the same semi-sensitive
> command line arguments.

I am not sure the existence of other side channel information leaks is
reason to just allow more. Also there are system setups where you
cannot see command line arguments through ps awux for processes that
aren't yours (mount procfs with hidepid=1).

I do see it is less information that I thought though. It really is
just the directories given and the number of things found in them.

I still would like an option to turn the metrics off, but I don't think
it needs to be on by default since the information exposed doesn't seem
to really be that sensitive. So lets just mark this as future wishlist.



More information about the Elfutils-devel mailing list