[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor as seti@home

On Wed, 11 Aug 2004, Alain Roy wrote:

> Granted, you can set it up so that Condor will run jobs as the nobody user 
> (on Unix--there's something similar on Windows), so they are relatively 
> safe.

It's worth *S*T*R*E*S*S*I*N*G* that "relatively" in "relatively safe" :

For instance, we have a user application (not written by us I hasten to
add)  which runs simulations of some description and can be put into a
state where it is so I/O intensive that it _physically_ destroys the hard
disk of the machine it was run on - took us a while to work out why all
the hard disks kept dying as soon as someone ran this wretched
application...  Needless to say the application was not running as a
privileged user... 

In the Windows world I'm aware of user applications that can trigger
catastrophic filesystem corruption on NTFS partitions (again said
applications run by an "ordinary user").

Also in the Windows world you would have the problem that even if you are
running the job as an "ordinary user", if the machine you are running said
job on has some RPC DCOM / Internet Explorer / Microsoft Office
vulnerability then the job may well be able to exploit such a
vulnerability, thus turning Condor into a very nice attack vector for very
bad people... :(

(And more such vulnerabilities are discovered all the time - how
frequently will your target users patch their machines?) 

And that's not even mentioning Condor as a vector for virus propagation.

So, if I was J. RandomUser there is *NO* way I'd allow someone I didn't
trust (to quite a high level) to run arbitrary code on my machine.  Of
course, there are no doubt users out there who might do because they
didn't know what they were letting themselves in for... 

	-- Bruce