Posted by heyrocker on
- Currently the configuration management has a lot of code related to signing configuration files in order to verify they have not been changed since written by the system. This code is potentially unnecessary and increases the complexity of the system.
- Remove file signing to make the system architecture less complicated and reduce points of failure.
- When the file-based configuration system was originally proposed, files were going to be saved within the files directory at a predictable path. In an attempt to protect against files being overwritten behind the system's back as well as taking advantage of "defense in breadth". Since then, we have moved to having the files saved in a non-predictable path - a randomly generated directory name that is a sha-256 hash of various system information. Given that the path to your configuration is now completely hidden, it was brought up by various people that the file signing might not be necessary anymore.
- Remove all file signing and checking functionality.
- I am most interested in the security implications of this change as this is not my area of expertise.
|PASSED: [[SimpleTest]]: [MySQL] 36,288 pass(es).|
|PASSED: [[SimpleTest]]: [MySQL] 35,008 pass(es).|
|FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch 1444620-remove-signed.patch. Unable to apply patch. See the log in the details link for more information.|