[57north-discuss] SSH access to doorbot + hosting stuff in the space

Andrea Faulds ajf at ajf.me
Sat Jan 17 20:47:41 UTC 2015


Hey Robert,

> On 17 Jan 2015, at 19:33, Robert McWilliam <rmcw at allmail.net> wrote:
> 
> On Wed, Jan 14, 2015 at 08:40:23AM +0000, Andrea Faulds wrote:
>> I don’t think allowing access to doorbot is bad, allowing *sudo*
>> access is. If it weren’t for sudo access, I wouldn’t have been able
>> to do `sudo killall sshd`. (Again, I’m really sorry about that.)
>> 
> <snip>
>> One option would just be to run all the toys in a VM on doorbot and
>> give people access to the VM. It’d be slow, sure, but none of this
>> stuff really needs to be ultra-fast, and if someone screws up, only
>> the toys are lost.
> 
> Sorry for the slow response, I'm slowly catching up on emails...
> 
> There is a lot you can do to mess up a machine without root
> privileges if you can run arbitrary code. 

That is true. Fill up the disk and you can break virtually everything… I’ve done it to myself before.

> VMs are a nice way to keep things in a properly managed jail but I
> haven't seen any VM tech that would have an easy way to give access to
> hardware (usually USB devices for what we've been using up to now)
> without giving access to all the devices which could let you break
> (current) doorbot.

VirtualBox allows USB passthrough for selected devices, could that work? Maybe you could blacklist certain specific things.

> Basically, setting up stuff so that we can have "playing" on doorbot with
> any confidence that such playing can't break door access is more faff
> than I can be bothered with. I'd rather just use another machine that
> we're not relying on for playing. If someone else has a sane plan to
> set up jails of some description on doorbot and really wants to do
> that I could probably be convinced to give you access to do it.   

I probably don’t have the motivation, and you’d never trust me after I started this debacle (with the best of intentions, mind you!).

I have an RPi sitting around, unloved. It could be donated (possibly with some limited strings) to the space as a thing to put toys on.

Thoughts?
--
Andrea Faulds
http://ajf.me/





