[Beowulf] Security issues

Joe Landman landman at scalableinformatics.com
Mon Oct 27 10:59:32 EDT 2008


Kilian CAVALOTTI wrote:

> But this can also lead to the kind of security problem Joe described, 
> even if here, I don't think one can blame any of the system's component 
> being outdated for this intrusion.

It is/was a user issue.  We are working to prevent this sort of issue 
arising again.

Sadly, I feel as if we are playing "whack-a-mole" with these issues. 
No, adding SElinux or other products won't make this any better, they 
add layers of complexity, and the benefits may not be worth the costs.

The issue is, in part, we need to

a) prevent sharing of accounts

b) control access to ssh logins

c) prevent execution of dangerous stuff.

"c" is 'easy' (yeah, I know its wrong), but we can disable all suid 
programs on the machine that are accessible from users accounts.

"a" is hard.  Academics like to share things.  We need to find a way to 
let them do this.  Securely.

"b" is interesting.  They were using keys for access.  Someone loaned 
their keys to a friend, or their keys were hijacked, or whatever.

So we are going to take a different approach.

> 
> Cheers,


-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
        http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423 x121
fax  : +1 866 888 3112
cell : +1 734 612 4615
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list