Bug 535922 - This wiki article expose security problem
Summary: This wiki article expose security problem
Status: RESOLVED INVALID
Alias: None
Product: Websites
Classification: Unclassified
Component: Wiki
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Wiki Team
URL: http://wiki.gentoo.org/wiki/Diskless_...
Reported: 2015-01-07 12:17 UTC by nobody
Modified: 2015-01-08 23:20 UTC
Description nobody 2015-01-07 12:17:12 UTC
Copying /bin, /sbin and /lib content from the server to the diskless is a security issue.
If anything "not" in the diskless (that exists only on the server) gets updated for security, the user MUST resync the diskless content with the server; else the security hole will remain in all diskless clients.
It is not mentioned that the user should really, really be aware and take care: any time a server tool is updated, the rsync must be redone.

But also there's simply 0 need to do that: diskless nodes are prepared to use their own tools; no node should need or be allowed to use tools the server has that they "may" need. If they need it, the tool should be added to them, but it's hazardous to just copy the server tools like that.

Reproducible: Always

Steps to Reproduce:
1. rsync -avz /bin /diskless/192.168.1.21
2. rsync -avz /sbin /diskless/192.168.1.21
3. rsync -avz /lib /diskless/192.168.1.21

Actual Results:
Diskless nodes could run old server tools with security holes in them.

Expected Results:  
that section should just not exist.
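
The drift described in this report (a diskless root populated once with rsync and not refreshed after the server is updated) can be checked for directly. The script below is an added example, not part of the bug report or the wiki article; the function names `stale_files` and `check_client` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files under bin, sbin and lib whose copy in a diskless
# client root no longer matches the server (the drift the report describes).

# stale_files SERVER_ROOT CLIENT_ROOT
# Prints "MISSING <path>" or "STALE <path>" for each regular file that the
# client root lacks or holds with different content.
stale_files() {
    server_root=${1%/}
    client_root=${2%/}
    for dir in bin sbin lib; do
        [ -d "$server_root/$dir" ] || continue
        # -H follows a top-level symlink such as /bin -> usr/bin.
        find -H "$server_root/$dir" -type f | while IFS= read -r src; do
            rel=${src#"$server_root"/}
            if [ ! -f "$client_root/$rel" ]; then
                echo "MISSING $rel"
            elif ! cmp -s "$src" "$client_root/$rel"; then
                echo "STALE $rel"
            fi
        done
    done
}

# check_client SERVER_ROOT CLIENT_ROOT
# Prints the sorted drift report; returns 1 if any file is out of date, else 0.
check_client() {
    report=$(stale_files "$1" "$2" | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed trees standing in for / and /diskless/192.168.1.21.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/server/bin" "$tmp/server/lib" "$tmp/client/bin" "$tmp/client/lib"
    echo "tool v2 (patched)" > "$tmp/server/bin/tool"
    echo "tool v1" > "$tmp/client/bin/tool"            # copied before the update
    echo "libfoo v1" > "$tmp/server/lib/libfoo.so"
    cp "$tmp/server/lib/libfoo.so" "$tmp/client/lib/"  # still in sync
    echo "added later" > "$tmp/server/bin/newtool"     # never copied
    rc=0; check_client "$tmp/server" "$tmp/client" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With two arguments, check real roots, e.g.: sh drift.sh / /diskless/192.168.1.21
if [ "$#" -eq 2 ]; then check_client "$1" "$2"; else demo || true; fi
```

Run from cron or after each server update, a non-zero exit status signals that the client root needs to be resynced.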
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2015-01-07 12:56:22 UTC
Each article has its own discussion page. Raise your concerns there.
Comment 2 nobody 2015-01-08 02:52:05 UTC
When we report a bug, you are sending everyone to the wiki or forum to discuss it???

Is that the new handling of bugs?
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2015-01-08 07:20:43 UTC
(In reply to nobody from comment #2)
> When we report a bug, you are sending everyone to the wiki or forum to discuss
> it???

Sending people to the forums to discuss wiki articles is just as absurd as having them file bugs for it.
Comment 4 nobody 2015-01-08 10:05:30 UTC
(In reply to Alex Legler from comment #3)
> Sending people to the forums to discuss wiki articles is just as absurd as
> having them file bugs for it.

It wouldn't be more absurd than sending them to the wiki to discuss a BUG.

So can you give that bug to someone that wishes to "look at the bug" instead, please?
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2015-01-08 23:19:54 UTC
Security assessment: This is not a security issue.
Wiki assessment: Comment #1 stands.

As such, this issue has no grounds for being on bugzilla, INVALID is the final resolution. Do not reopen this bug.