[Beowulf] Security issues
Bogdan Costescu
Bogdan.Costescu at iwr.uni-heidelberg.de
Mon Oct 27 08:23:10 PDT 2008
On Sun, 26 Oct 2008, Marian Marinov wrote:
>> That's a hard problem. Users will forever be borrowing each other's
>> accounts, making it difficult to contain security breaches.
>
> But if you build a good infrastructure jailing the users
Many clusters that I have seen have a very relaxed security policy on
the inside network. Having access via a borrowed account to the access
node would give a potential attacker the oportunity to use not only
0day exploits but also old-school ones (like those rsh/rexec based) to
compromise some nodes or the whole cluster. Jailing users would not
help much in this case: they are supposed to be allowed to run
whatever software they bring in, so they can also run malicious
ones...
--
Bogdan Costescu
IWR, University of Heidelberg, INF 368, D-69120 Heidelberg, Germany
Phone: +49 6221 54 8240, Fax: +49 6221 54 8850
E-mail: bogdan.costescu at iwr.uni-heidelberg.de
More information about the Beowulf
mailing list