Hi Alessandra,
It is trivial to remove the VOMS credentials from a standard proxy and
resign it with a different VO that the owner is a member of
(voms-proxy-init -noregen). This is somewhat mitigated on modern CREAM-CEs
by the use of limited proxies (at least on the nodes I've examined) but
this may not always be something that can be relied upon.
It may also be possible to use the pilot proxy to pull other jobs from
DIRAC, which would at the very least give a path for one user to steal
another user's credentials. Even within a single VO this would clearly be
unacceptable.
Regards,
Simon
On Thu, Aug 06, 2015 at 12:56:53PM +0100, Alessandra Forti wrote:
> Hi Daniela,
>
> we discussed this yesterday in the security meeting and we don't understand
> how the proxy can be used to access other VOs data. Each pilot will surely
> be submitted with different VOMS credentials. You cannot have a proxy with
> all the VOs credentials in it and a naked proxy is not accepted by any
> service anymore. Is this a Dirac peculiarity?
>
> cheers
> alessandra
|