[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor as seti@home

Hi Bruce
I agree with you, I wouldn't let anyone run arbitrary code in my computer
But in our particular case, only selected code from approved projects would
be submitted to the pool and just one master can submit jobs, which is our
Now, for the vulnerabilities, the root climbing issue is not a
windows-specific issue (slammer?). But again, code is reviewed before
I'm afraid of vulnerabilities like IP-spoofing, DOS, buffer overflow, etc.

----- Original Message ----- 
From: "Bruce Beckles" <mbb10@xxxxxxxxx>
To: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Sent: Wednesday, August 11, 2004 1:56 PM
Subject: Re: [Condor-users] Condor as seti@home

> On Wed, 11 Aug 2004, Alain Roy wrote:
> <snip>
> > Granted, you can set it up so that Condor will run jobs as the nobody
> > (on Unix--there's something similar on Windows), so they are relatively
> > safe.
> <snip>
> It's worth *S*T*R*E*S*S*I*N*G* that "relatively" in "relatively safe" :
> For instance, we have a user application (not written by us I hasten to
> add)  which runs simulations of some description and can be put into a
> state where it is so I/O intensive that it _physically_ destroys the hard
> disk of the machine it was run on - took us a while to work out why all
> the hard disks kept dying as soon as someone ran this wretched
> application...  Needless to say the application was not running as a
> privileged user...
> In the Windows world I'm aware of user applications that can trigger
> catastrophic filesystem corruption on NTFS partitions (again said
> applications run by an "ordinary user").
> Also in the Windows world you would have the problem that even if you are
> running the job as an "ordinary user", if the machine you are running said
> job on has some RPC DCOM / Internet Explorer / Microsoft Office
> vulnerability then the job may well be able to exploit such a
> vulnerability, thus turning Condor into a very nice attack vector for very
> bad people... :(
> (And more such vulnerabilities are discovered all the time - how
> frequently will your target users patch their machines?)
> And that's not even mentioning Condor as a vector for virus propagation.
> So, if I was J. RandomUser there is *NO* way I'd allow someone I didn't
> trust (to quite a high level) to run arbitrary code on my machine.  Of
> course, there are no doubt users out there who might do because they
> didn't know what they were letting themselves in for...
> -- Bruce
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users