On 6/5/07, Michel <[EMAIL PROTECTED]> wrote:
>
> Well this problem I could solve. They were caused by an /etc/mtab
> file which was out of sync, making mount -a believe some
> filesystems were mounted when they weren't.
>
> I have now a running setup. The only problem is that one has
> to be root to do chroot in Fedora. So I created a user "sage"
> inside the jail and start the notebook as follows
>
> #/usr/sbin/chroot /sage-root su - sage -c "sage -notebook"
>
> Are there any security problems associated with this?
Beyond the natural issues of "breaking out of a chroot jail", which
I'll ignore since they have nothing to do with SAGE, there are at
least the following problems:
(1) A user can -- via the notebook -- vandalize
the sage user account in the chroot.
However, the SAGE notebook currently
resaves its state from RAM every
few seconds, so this doesn't cause much damage.
We are considering making it so worksheet processes
can be started as a different user in chroot;
this would help deal with the vandalism problem.
(2) If one can connect from the chroot to the outside
world via a network, then a person could run
code in your chroot via the notebook that could
do nasty things.
(3) Cross-side scripting -- people post a SAGE web
page that contains HTML and maybe javascript
that "takes over" somebody else's web browser.
(4) Robustness issues -- the SAGE notebook as it is
currently implemented is not designed to have
many users at once -- it's a simple single
threaded synchronous web server. We very much
hope to fix this problem at SAGE Days 4 next week.
(5) Resource issues -- users could evaluate code
via the notebook that uses a lot of resources,
e.g., RAM, CPU, etc. So you may want to run
the notebook renice'd to 19. Also, and this
is something we hope to do at SD4, it would
be good if any worksheet that used more than
XXX MB of RAM were to automatically stop with
an error; this could be accomplished by running
the SAGE subprocesses under ulimit. Currently,
in the public SAGE notebook I "solve" this by
just having it automatically restart every 10
minutes -- this is not a good solution in the
long run, but it's a simple way to ensure that
the notebook is mostly up and running -- this
is just the auto_restart option to the notebook
command. You'll have to do something like
sage -c "notebook(..., auto_restart=1000)".
(6) A model we'll switch to hopefully very soon
(once we figure out how!) for the notebook
is that all users will have to have accounts,
and anything *they* do will consequently be
logged. This will help a lot to cut down
on several of the above problems. Then you
can just give accounts to all the students
you have who will want to use the notebook
at your university, and if somebody is doing
something nefarious, you'll be able to tell
who it was.
(7) There are surely other security and robustness
related issues that I haven't addressed. However,
that said, many many people have found the public
SAGE notebook that I posted very useful over the
last year, and we haven't had any known serious
security problems as a result of it.
As background, note that the SAGE notebook was
designed and implemented 1 year ago (by Alex
Clemesha, me, and Tom Boothby) to solve one
problem: provide SAGE with some sort of graphical
interface. Using a web browser was just a shortcut
to make it cross platform, have font support, etc.,
very quickly. Then we quickly realized we could
put the notebook online for anybody to access.
It wasn't initially designed to have dozens of
users at once, and currently it won't work well
in that context. With proper resource limitations,
Tasynchronous support, user authentication,
and SSL (all mostly available in SAGE right now
via Twisted and GNUTLS), we should be able to
make the notebook extremely robust.
William
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
