[Beowulf] Security issues

Bogdan Costescu Bogdan.Costescu at iwr.uni-heidelberg.de
Mon Oct 27 11:23:10 EDT 2008


On Sun, 26 Oct 2008, Marian Marinov wrote:

>> That's a hard problem. Users will forever be borrowing each other's
>> accounts, making it difficult to contain security breaches.
>
> But if you build a good infrastructure jailing the users

Many clusters that I have seen have a very relaxed security policy on 
the inside network. Having access via a borrowed account to the access 
node would give a potential attacker the oportunity to use not only 
0day exploits but also old-school ones (like those rsh/rexec based) to 
compromise some nodes or the whole cluster. Jailing users would not 
help much in this case: they are supposed to be allowed to run 
whatever software they bring in, so they can also run malicious 
ones...

-- 
Bogdan Costescu

IWR, University of Heidelberg, INF 368, D-69120 Heidelberg, Germany
Phone: +49 6221 54 8240, Fax: +49 6221 54 8850
E-mail: bogdan.costescu at iwr.uni-heidelberg.de
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list