On Mon, Nov 28, 2005 at 01:49:07PM +0000 or thereabouts, David McBride wrote:
> Paul Kyberd wrote:
>
> > The first should be written into the LCG operating procedures
> > "No critical test should depend on a known security vulnerability.
> > Any such test should be removed from the list of critical tests as soon as
> > possible."
>
> I agree.
>
> It would mean that I cannot be penalised as a site admin for taking my
> site down because of security weaknesses in the software, and it would raise
> the visibility of security issues to project management -- which would
> hopefully result in security bug fixes being given a greater level of
> priority than they are right now.
>
> ( Note that this, coupled with the "any user can run arbitrary code on
> the CE with jobmanager-fork" bug, would make job execution a
> non-critical test.)
As has been said before, it is not anyone but a valid user with logging.
What is the difference between a fork job manager and ssh?
In fact the fork job manager gives you more logging since at least it logs
the name of the binary the user initially runs.
Of course the difference is that someone else maintains your list of
auth' users but that is not a problem with the fork job manager as such.
Steve
>
> Cheers,
> David
> --
> David McBride <[log in to unmask]>
> Department of Computing, Imperial College, London
--
Steve Traylen
[log in to unmask]
http://www.gridpp.ac.uk/