Dear UK TB support, GSVG RAT, Kostas, Alessandra, Oscar, SCG,
It looks like multiple threads have developed concerning glexec, and in
summary the problems seem to be:

Pilot jobs turn the push model into a pull model, is this acceptable at
all?

Does the Glexec/pilot job design in principle contradict security
requirements?
They have not been updated for a while, but for example I quote from the
EGEE(I) requirements
(https://edms.cern.ch/file/485295/1/EGEE-JRA3-TEC-485295-UserReq-v1-0.pdf)
In the Auditing requirements:
"It must be possible to trace the distinguished name (DN) of the
certificate used for the original job submission."

Does the Glexec/pilot job design in principle introduce vulnerabilities
that are inherent in the design, rather than being bugs that can be
fixed? Hence we have a serious vulnerability issue that needs careful
consideration with SCG, TCG and others and a redesign/rewrite is needed.

Does the Glexec/pilot job design in principle contradict the agreed
policy?

Does the way Glexec is being used by VOs contradict the agreed policy?

Is there something else wrong with glexec that is obvious to sites?
I can't help thinking if Kostas and Alessandra are not happy something
isn't right.
Glexec has some implementation flaws, which can be fixed as a
straightforward vulnerability bug.
It seems to me that something may have gone wrong between satisfying
security requirements, ensuring design flaws that cause vulnerabilities
are not present, ensuring design flaws that contradict policy needs are
not introduced... This is not just a UK TB matter, or just an
operational matter, but something that needs investigating to find
whether or not there is a serious problem.
Linda