
Re: [condor-users] Some questions concerning security in Condor



At 03:12 AM 2/26/2004, Mark Calleja wrote:


OK, here's another security-related question:

On systems where Condor is running as root, is it possible for the job's executable to be chroot'd? In particular, is it possible to MAKE Condor chroot the job's executable?

Once upon a time, long long ago when there was only the STANDARD universe, Condor did chroot for every job.


But at one point we stopped doing a chroot when VANILLA universe was added. Many VANILLA jobs want to access files via a shared filesystem (NFS, etc.), and/or want to access files/programs stored on the local disk. Furthermore, even if you use the File Transfer facility in Condor, chroot is still a problem because of dynamic libraries. Many programs will need to access various libraries in /lib, /usr/lib, etc. On many Linux versions, annoyingly enough, even a statically linked binary will need access to some shared libraries (like the resolver, I believe).

These challenges make chroot more difficult than it would first appear, but certainly not impossible. For instance, perhaps if the Condor EXECUTE directory was on the same volume as /lib, Condor could simply make hard links in the sandbox to the most common libraries and system binaries before doing a chroot...

Thanks for raising this issue... it is time for us to revisit the chroot possibilities again...

regards,
Todd


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Todd Tannenbaum
University of Wisconsin-Madison
Condor Project Research
Department of Computer Sciences

Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>
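The hard-link idea Todd sketches above (populate the sandbox with the libraries a job binary needs, then chroot into it) can be tried by hand. The following POSIX shell script is an added example written for this thread; it is not Condor code and nothing in Condor works this way. It assumes Linux with a glibc- or musl-style `ldd` that prints `lib => /path (addr)` lines, and the `sandbox_*` function names are invented for the example. Hard links only work when the sandbox sits on the same filesystem as /lib, which is exactly Todd's "same volume" caveat, so the script falls back to a copy when `ln` fails.

```shell
#!/bin/sh
# Example (not Condor code): build a minimal chroot sandbox for one
# dynamically linked executable by hard-linking (or, across filesystems,
# copying) the shared objects that ldd reports. Assumes Linux + ldd.

# Print the absolute paths of the shared objects $1 needs, one per line.
# Prints nothing for a static binary (ldd says "not a dynamic executable").
sandbox_deps() {
    bin="$1"
    ldd "$bin" 2>/dev/null | awk '
        /=>/      { if ($3 ~ /^\//) print $3; next }  # libc.so.6 => /lib/.../libc.so.6 (addr)
        $1 ~ /^\// { print $1 }                        # /lib64/ld-linux-x86-64.so.2 (addr)
    ' | sort -u
}

# Place host file $2 inside sandbox root $1 at the same path.
# Symlinks are resolved first so the loader finds real file contents at
# the path it will look up inside the chroot. Returns 1 if $2 is missing.
sandbox_add() {
    root="$1"; src="$2"
    [ -e "$src" ] || return 1
    real=$(readlink -f "$src")
    dst="$root$src"
    mkdir -p "$(dirname "$dst")"
    [ -e "$dst" ] && return 0
    # ln fails with EXDEV when $root is on another volume; copy instead.
    ln "$real" "$dst" 2>/dev/null || cp -p "$real" "$dst"
}

# Populate $1 with executable $2 and its libraries; print the number of
# files placed. Fails if ldd reports a library it cannot resolve, since
# that job would not start inside the chroot either.
sandbox_build() {
    root="$1"; bin="$2"
    if ldd "$bin" 2>/dev/null | grep -q 'not found'; then
        echo "unresolved shared library for $bin" >&2
        return 1
    fi
    n=0
    for f in "$bin" $(sandbox_deps "$bin"); do
        sandbox_add "$root" "$f" && n=$((n+1))
    done
    echo "$n"
}

# Number of regular files under sandbox root $1 (used to verify a build).
sandbox_count() { find "$1" -type f | wc -l | tr -d ' '; }

# Demo (opt in with SANDBOX_DEMO=1): sandbox /bin/sh under a temp dir.
# Actually running the job needs root: chroot "$root" /bin/sh -c 'echo hi'
if [ "${SANDBOX_DEMO:-0}" = 1 ]; then
    root=$(mktemp -d)
    echo "placed $(sandbox_build "$root" /bin/sh) files under $root"
fi
```

Two practitioner caveats the thread's point depends on. First, `ldd` only sees link-time dependencies; anything the program loads later with `dlopen` (glibc's NSS modules for name resolution are the classic case) must be added by hand, which is why even "static" binaries trip over this. Second, chroot is a filesystem view, not a privilege boundary: a job that is itself root, or that keeps a file descriptor or working directory outside the new root, can leave it, so the chroot still has to be combined with dropping privileges.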