Re: [condor-users] Some questions concerning security in Condor

[Zachary Miller <zmiller@xxxxxxxxxxx>]

> OK, here's another security-related question:
> 
> On systems where Condor is running as root, is it possible for the job's 
> executable to be chroot'd? In particular, is it possible to MAKE Condor 
> chroot the job's executable?

not currently.  were we to add such a feature, your pool and possible your job
would have to deal with a number of additional constraints:

  + if they aren't already, your condor daemons must run as root
  

the next three constraints apply only to vanilla universe jobs:

  + your executable must be statically linked since you will no longer be able
    to access libraries in /lib or /usr/lib, etc.  when you create a standard
    universe job using condor_compile, it is already linked statically.
  
  + you *must* use file transfer since your input files would otherwise be
    inaccessable (i.e. no NFS shares or pre-staging things in
    /some/scratch/dir).  likewise you must use file transfer to get your output
    back since condor will blow away the execute dir after the job completes.

  + your job could not invoke any system() calls to other executables since
    /bin, /usr/bin, etc would not be available.


there may be more constraints, these are just off the top of my head.  if you
think you can live with that and still have it be useful, perhaps we can add
chroot jails as a new condor feature.  please let us know what you think.


cheers,
-zach

Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>