On Sun, 26 Oct 2008, Marian Marinov wrote:
That's a hard problem. Users will forever be borrowing each other's
accounts, making it difficult to contain security breaches.
But if you build a good infrastructure jailing the users
Many clusters that I have seen have a very relaxed security policy on
the inside network. Having access via a borrowed account to the access
node would give a potential attacker the oportunity to use not only
0day exploits but also old-school ones (like those rsh/rexec based) to
compromise some nodes or the whole cluster. Jailing users would not
help much in this case: they are supposed to be allowed to run
whatever software they bring in, so they can also run malicious
ones...
--
Bogdan Costescu
IWR, University of Heidelberg, INF 368, D-69120 Heidelberg, Germany
Phone: +49 6221 54 8240, Fax: +49 6221 54 8850
E-mail: [EMAIL PROTECTED]
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
