[Beowulf] CLuster - Mpich - tstmachines - Heeelp !!!!!!!!

Mark Hahn hahn at physics.mcmaster.ca
Fri Jul 28 09:12:45 PDT 2006


>>> right - I don't have a problem with rsh as an internal cluster spawn
>>> method.
>>> though since you almost certainly also have sshd running, it makes sense
>>> to have fewer daemons.
>> It's okay for a small cluster where you have really good control over
>> the users.
>
> Now, THAT'S a very dangerous mindset. Even if you can be 100% sure
> there are no bad apples among your users, every single HPC related
> intrusion I'm aware of the last couple of years has started off by
> stealing passwords or keys and masquerading as legitimate users.

this is wandering pretty far afield.  a cluster, to my way of thinking,
is intended to act as a single resource, and as such is a single trust
domain.  rsh is perfectly fine because it's not trivially insecure - 
some other hole has to exist if you're going to use it to escalate privs.
similarly, NFS's lack of real authentication.

if you want to harden a cluster to untrusted external users, it could
be done, but would take quiet a bit of effort, unless you restrict 
how it behaves.  for instance, if users can only run canned apps via 
a web interface, you're off to a pretty good start.  letting them 
upload anything at all (possibly even non-executables) provides a
possibly exploitable mechanism.

it would be interesting to try this - connecting to the cluster gets 
you a VM or containerized environment where you can't see anyone else,
and where the only access you have to the cluster is through queue
commands.  your jobs would then run in a similar VM/container cloned 
when you submit them.  I suppose some people would like this, but it 
would be inappropriate and unpopular to my user community (as well as 
probably a lot more work and a lot less efficient.)



More information about the Beowulf mailing list