Re: [tablix-list] Observations and Queries

From: Nicholas Robinson <nprREMOVE@THISbottlehall.co.uk>
Date: Mon Jun 27 2005 - 21:56:55 CEST

Hi

I've had an email exchange with one of the authors of pvm and it seems that
provided we do things like chroot and use dedicated users for pvm with no
write access to anywhere and use a dedicated tmp area for pvm, etc. then the
exposue to malicious attack on the machines in the cluster would be very
limited.

The potential for eavesdropping on the messages between the slaves and the
master would remain, but presumably so long as the contents of <info> and
teachers' names aren't too revealing then privacy issues should be
manageable?

If we make it so that the user's own machine is always the master then I think
the pvm cluster doesn't need to have write access anywhere on the slaves -
other than the pvm tmp files noted above.

There was a 'secure pvm' written but it was never completed and there were US
export restrictions in any case.

I'll try to set up a sandbox next week.

Best Wishes

Nick

On Saturday 25 June 2005 14:22, Tomaz Solc wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi
>
> > When I upgraded pvm last time I had a problem accessing the remote
> > machines and raised a query on a mailing list or something. The response
> > was SSH was the preferred/most reliable authentication method even on a
> > local network. Presumably, this should overcome most of the security
> > threats?
>
> SSH is only used to start the pvmd daemon on all hosts. After that pvmd
> daemons communicate using unencrypted UDP traffic.
>
> > Can you use the pvm hosts file to restrict what can be executed?
>
> Maybe. I haven't tried that.
>
> > In an idle moment, I was wondering if it would be possible and useful to
> > have some sort of tablix/tablix2 processing collective with people
> > offering access to their machines to run tablix? I'd be willing to have a
> > go.
>
> I while ago I experimented with an web front end for Tablix. You can
> find some details in the wiki.
>
> I didn't finish it because I decided to work on the 0.2.x stable release
> first. Again, I can send you what I've made so far if you are interested.
>
> My iBuild config file is attached. I believe you will also need the
> contents of the "data" directory. You can find that at
> "http://www.tablix.org/~avian/tom2-data.tar.gz"
>
> Best regards
> Tomaz Solc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCvVqNsAlAlRhL9q8RAqSOAKCh7XD2g69GrHtOTZEMJMWSOohEpwCggNTP
> GzXDBa53rxqDhEtVRDg95oE=
> =LwFK
> -----END PGP SIGNATURE-----

-- 
Fight Prejudice - Fight the Ban (see www.countrysidealliance.org)
Received on Mon Jun 27 21:53:42 2005

This archive was generated by hypermail 2.1.8 : Tue Aug 16 2005 - 20:44:11 CEST