
Re: [HTCondor-users] condor_ssh_to_job



Dimitri Maziuk wrote:
> I think there's 2 distinct issues: one is the use of "nobody" that makes
> it impossible to ssh_to_job. You only need one UID to fix that.

This is where I figure a simple configuration tool is worth having. You
can set the number of users to 1, you can set it to ~65,000, or anything
in between.

> The other is per-slot users. I'm not sure I buy the "trample over other
> nobody's jobs' files" argument: if you sandbox each job properly in its
> own per-pid (chroot'ed?) filespace, that should take some serious

It takes almost no effort. All a malicious user needs to do is submit a
job that runs on the same node as the victim's job. chroot jails do not
protect a process's address space or the process itself. If a process is
running as UID nobody then any other process running as UID nobody can
peruse and scribble on the first process's allocated memory. Other
processes running as UID nobody can issue signals to the first process
causing it to crash or dump core or what have you.

Core War, anyone? :)

-- 
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science
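
An added illustration, not part of the original message: the kill(2) permission rule behind the point about signals, applied to job processes on one execute node with a shared "nobody" UID and then with dedicated per-slot UIDs. The slot labels, PIDs, UIDs 5001/5002 and the sample /proc status text are constructed assumptions.

```python
# kill(2) rule for a sender without CAP_KILL: its real or effective UID must
# equal the target's real or saved set-UID. Applied here across job slots.
from itertools import permutations
from typing import NamedTuple

class Proc(NamedTuple):
    slot: str   # hypothetical label for the slot that owns the process
    pid: int
    ruid: int
    euid: int
    suid: int

def parse_status(slot, text):
    """Parse the Pid: and Uid: lines of a /proc/<pid>/status file."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.split()
    ruid, euid, suid, _fsuid = (int(v) for v in fields["Uid"])
    return Proc(slot, int(fields["Pid"][0]), ruid, euid, suid)

def may_signal(sender, target):
    """True if the kernel would let sender signal target (no CAP_KILL)."""
    allowed = (target.ruid, target.suid)
    return sender.ruid in allowed or sender.euid in allowed

def cross_slot_exposure(procs):
    """(sender_pid, target_pid) pairs in different slots that pass the check."""
    return sorted((s.pid, t.pid) for s, t in permutations(procs, 2)
                  if s.slot != t.slot and may_signal(s, t))

def status(pid, uid):
    # Constructed sample in /proc/<pid>/status layout (only the lines used).
    return f"Name:\tjob\nPid:\t{pid}\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n"

# Constructed data: 65534 stands in for "nobody"; 5001 and 5002 are
# hypothetical dedicated per-slot accounts.
SHARED = [parse_status("slot1", status(4100, 65534)),
          parse_status("slot2", status(4200, 65534))]
PER_SLOT = [parse_status("slot1", status(4100, 5001)),
            parse_status("slot2", status(4200, 5002))]

if __name__ == "__main__":
    print("shared nobody :", cross_slot_exposure(SHARED))
    print("per-slot users:", cross_slot_exposure(PER_SLOT))
```

With the shared UID every cross-slot pair passes the check in both directions; with one UID per slot the list is empty, and a chroot changes neither result because the check never looks at the filesystem root.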