[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!
hahn at physics.mcmaster.ca
Fri Jul 28 09:12:45 PDT 2006
>>> right - I don't have a problem with rsh as an internal cluster spawn
>>> though since you almost certainly also have sshd running, it makes sense
>>> to have fewer daemons.
>> It's okay for a small cluster where you have really good control over
>> the users.
> Now, THAT'S a very dangerous mindset. Even if you can be 100% sure
> there are no bad apples among your users, every single HPC related
> intrusion I'm aware of the last couple of years has started off by
> stealing passwords or keys and masquerading as legitimate users.
this is wandering pretty far afield. a cluster, to my way of thinking,
is intended to act as a single resource, and as such is a single trust
domain. rsh is perfectly fine because it's not trivially insecure -
some other hole has to exist if you're going to use it to escalate privs.
similarly, NFS's lack of real authentication.
if you want to harden a cluster to untrusted external users, it could
be done, but would take quiet a bit of effort, unless you restrict
how it behaves. for instance, if users can only run canned apps via
a web interface, you're off to a pretty good start. letting them
upload anything at all (possibly even non-executables) provides a
possibly exploitable mechanism.
it would be interesting to try this - connecting to the cluster gets
you a VM or containerized environment where you can't see anyone else,
and where the only access you have to the cluster is through queue
commands. your jobs would then run in a similar VM/container cloned
when you submit them. I suppose some people would like this, but it
would be inappropriate and unpopular to my user community (as well as
probably a lot more work and a lot less efficient.)
More information about the Beowulf