[cfarm-users] Aging inactive cfarm users?

Jonathan Wakely jwakely.gcc at gmail.com
Mon Apr 15 00:20:07 CEST 2024


On Sun, 14 Apr 2024, 13:12 Martin Guy via cfarm-users, <cfarm-users at lists.tetaneutral.net> wrote:

> On 14/04/24 13:46, Jonathan Wakely via cfarm-users wrote:
> > On Sun, 14 Apr 2024, 12:15 Baptiste Jonglez via cfarm-users,
> > <cfarm-users at lists.tetaneutral.net> wrote:
> >
> >     On 09-04-24, David Malcolm via cfarm-users wrote:
> >     > I was wondering if the compile farm has any policies/procedures for
> >     > aging out long-dormant users (to minimize exposure in case of stolen
> >     > credentials).
> >
> >     Good question.  We have no such policy currently.
> >
>
> I don't see any advantage, other than saving a little disc space, but
> probably little.
>

Disc space is a constant problem on the popular cfarm machines!


> It's no more likely that someone who's not used the compile farm in a
> while would have their keys copied unknown to them than it is that an
> active user's keys could be compromised, in fact less,


You don't need to copy keys if you can get access with a little social
engineering.

> and anyone
> wanting to abuse the compile farm only has to ask for an account,


The threat model is not "somebody gets a new account" it's "somebody gets
access to an account that doesn't belong to them".

If you could convince the admins that you own the account "jwakely" but
you've lost your ssh keys and need a new one to be added to the account,
you could login as me. If my account had any signing keys or private keys
on cfarm machines, or stored passwords for mail relays or websites, they
would be compromised.

If it's an old, inactive account, it might be easier to say "I am this
person, but I've had to change email address in the two years since I last
logged in". Maybe the attacker even managed to get ownership of the
jwakely.gcc at gmail.com address after I stopped using it. If the old account
had been purged from the systems, the attack simply doesn't work.

Now maybe you could argue it's not a very credible threat (I would be silly
to store private keys or passwords on cfarm machines). But I don't agree
that it's more likely to happen for active users, since they're more likely
to either keep hold of their email address, or update their cfarm access
after learning they've been compromised.
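As an added illustration of the "aging out" procedure discussed in this thread (not code from the cfarm project or from anyone on the list), here is a small audit that flags accounts whose last login is older than a threshold, or which were created long ago and never used; the account names, dates and thresholds are constructed placeholders.

```python
"""Dormant-account audit for a shared login host (e.g. a compile farm).

Takes lastlog-style records (user, creation date, last login or None for
"**Never logged in**") and reports accounts that should be disabled so that
a "I lost my ssh keys, please add a new one" request cannot revive them.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Account:
    user: str
    created: date               # when the account / first key was added
    last_login: Optional[date]  # None == "**Never logged in**" in lastlog


# Constructed sample records; names and dates are placeholders, not real users.
SAMPLE = [
    Account("alice", date(2023, 11, 2), date(2024, 4, 10)),
    Account("bob",   date(2021, 3, 15), date(2022, 2, 1)),
    Account("carol", date(2024, 3, 20), None),
    Account("dave",  date(2020, 6, 5),  None),
]
TODAY = date(2024, 4, 14)  # constructed "now" so the sample is reproducible


def is_dormant(acct, today, max_idle_days=730, never_login_grace_days=90):
    """True if the account has not logged in for max_idle_days, or was
    created more than never_login_grace_days ago and has never logged in."""
    if acct.last_login is None:
        return (today - acct.created).days > never_login_grace_days
    return (today - acct.last_login).days > max_idle_days


def dormant_accounts(accounts, today, **thresholds):
    """Sorted user names to disable. Disabling (lock the key, keep the home
    directory) is reversible if a verified owner later reclaims the account."""
    return sorted(a.user for a in accounts if is_dormant(a, today, **thresholds))


if __name__ == "__main__":
    for user in dormant_accounts(SAMPLE, TODAY):
        print(f"disable: {user}")
```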