Smolt and FudCon

So far, FudCon has been awesome. It was very good to finally meet Mike, and go over some of the outstanding issues in Smolt. We finally have a good technical solution, so that we know Smolt is secure.

Traditionally, Smolt would store a UUID on the local system. This would be used as a key to the database, when sending updates or looking up host information. With this UUID, anyone could remove a profile from the database. Knowing who had which UUID, anyone can find out what hardware you have. This was inherently insecure.

Over the past couple of months, I was trying to think of a way to lock down that access to the person who had control of the local client. Ideally, PolicyKit will define who is allowed access to the functions provided by Smolt, such as submitting and deleting a profile. At bare minimum, this would be root-only, with the UUID lockdown and hidden via file permissions and SELinux. Ideally, this will all be controllable via Cobber, Func, and anything else you might want to use. Let's say you want to share your profile. Just ask the server for a link. Every UUID comes with a new snazzy public UUID that you can share with anyone you want. Don't like your pubic UUID? Just ask for a new one. You will need access through PolicyKit to get this public UUID too. In the end, there is no way someone can just trace a UUID back to you, unless you want them to.

I'll blog more about FudCon later, I'm enjoying a nice look at TurboGears, courtesy of Luke.