Hi Dave,
I do see your point.
Just a couple of points.
1. Of course anybody could perform the DoS attack you suggest, but you
would know who they were as their DN would be logged as they would have
gone through the same level of security as anybody running in the batch
queue.
2. It is avery useful debugging tool and that should not be under
estimated.
All the best,
david
On Tue, 15 Nov 2005, David McBride wrote:
> Alessandra Forti wrote:
> > for me fork manager is a useful tool for who has to debug a possible
> > misconfiguration from remote. You might not need it but I don't think we
> > should get rid of it in general.
>
> That may well be the case, and I appreciate that you would try to use
> this facility responsibly -- but I consider this an enormous security
> risk.
>
> As it currently stands, any LCG user can run any abitrary executable
> they want on my CE -- hundreds of instances at once, if they so desired
> -- and DoS it into oblivion. Without accounting, without queueing, and
> without any of the safeguards implemented on my worker nodes, any Grid
> user can fork as many processes that they want on my gatekeeper and do
> lots of bad things.
>
> This is clearly a BUG, not a feature, and _MUST_ be disabled.
>
> Dissentions?
>
> Cheers,
> David
>
|