On Fri, 18 May 2012 at 04:27 -0000, Beat Rubischon wrote:

> On 17.05.12 18:51, Rayson Ho wrote:
> > Just want to understand your use case, what is the main reason you
> > use the CSP mode??
>
> Security. The queuemaster fully trusts the username sent by the
> client binaries over the wire. You do not even have to reverse engineer
> the somewhat ugly protocol spoken by the Grid Engine - a simple
> LD_PRELOAD with an override of getuid() and getgid() is enough to
> run jobs under the ownership of a different user (even root). It
> took me about an hour to exploit a Grid Engine and I'm quite a bad
> "hacker". Assuming you have a cluster where more than a handful of
> fully trusted people are working, you need to use CSP.
>
> Everything is better than the standard "security" used in Grid
> Engine.  Even port based authentication in NFS and RSH offers more
> security.

I asked the original question about use of CSP.

This was an informative message.  I've trimmed some other good
information from it, but this portion confirms what I thought was the
case with Grid Engine.

It seems that CSP mode is the only current way to run a reasonably
secure Grid Engine configuration.  For some definition of "reasonably
secure"... (see below for mine).

In April, there was a flap over a security issue in Grid Engine, but
there are more fundamental flaws in the default security that most
installations appear to use (i.e. not using CSP mode).

It isn't a bad idea to improve underlying security when possible and
the LD_LIBRARY_PATH/LD_PRELOAD issues are good to be fixed.

For our clusters CSP mode seems to be overkill and administratively
heavy.  It's been a while since I looked at CSP mode, but like many
certificate based systems I've seen, it lacks any functional
revocation model.  (I may be wrong, let me know.)

Our clusters run on isolated networks with all of the systems under
single administrative control.  I would like to see some other,
simpler security model (using reserved ports, munge or even system
certificates instead of user certificates).

We are still running 6.2u5 but are starting to evaluate alternatives.
Addressing host based security will be a requirement, especially for
any purchased product.

Stuart
-- 
I've never been lost; I was once bewildered for three days, but never lost!
                                        --  Daniel Boone