On 6/27/07, Martin Albrecht <[EMAIL PROTECTED]> wrote:
> We cannot rely on DoS prevention systems elsewhere if the notebook is used for
> a denial of service attack it is William's responsibility.
>
> Thus, I vote for a heavily firewalled chroot:
> * do all the anti-spoof, packet scrubbing stuff
>
> * forbid any OUTGOING traffic
> * allow a WHITELIST of hosts:ports (like sloane's database and such)
> * allow DNS out (I'm afraid we have to do that)
>
> * forbid any INCOMING traffic
> * allow SSH in
> * allow the SAGE notebook communication in

I agree with all this.

> Another thing: If I shoot myself in the foot 30 times (that is the number of
> users) I effectively vandalized the SAGE notebook? Ignore this if it doesn't
> make sense, I haven't actually tried to vandalize anything yet.

No, you're right, sort of. You haven't vandalized it, you've denial of serviced it temporarily, in that everybody else's sessions will be automatically restarted. I should probably map each user to a single one of those 30 login names, so they can at most ever vandalize 1/30 of the other users. Thoughts? Here 30 can be made arbitrarily large...

william
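
Added example, not part of the original thread and not SAGE project code: one way to render the default-deny policy listed in the quoted message as an iptables-restore ruleset for the host running the notebook. The whitelist address, the notebook port 8000 and the helper names are constructed placeholders, since the thread gives no addresses or ports.

```python
import ipaddress

# Constructed placeholders: the thread gives no addresses or port numbers.
WHITELIST = [("192.0.2.10", 80)]  # (IPv4 address, TCP port) of an allowed outside service
NOTEBOOK_PORT = 8000              # assumed port the notebook listens on
SSH_PORT = 22


def _port(value):
    if not 1 <= int(value) <= 65535:
        raise ValueError(f"bad port: {value!r}")
    return int(value)


def render_ruleset(whitelist, notebook_port, ssh_port=SSH_PORT):
    """Return an iptables-restore ruleset: default DROP, explicit allows only."""
    new = "-m conntrack --ctstate NEW -j ACCEPT"
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT DROP [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A OUTPUT -o lo -j ACCEPT",
        # Minimal scrubbing: drop packets conntrack cannot tie to a valid flow.
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
        "-A OUTPUT -m conntrack --ctstate INVALID -j DROP",
        # Replies belonging to flows that a rule below admitted.
        "-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT",
        "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT",
    ]
    # Incoming: SSH and the notebook, nothing else.
    for port in (ssh_port, notebook_port):
        rules.append(f"-A INPUT -p tcp --dport {_port(port)} {new}")
    # Outgoing: DNS, then the host:port whitelist.
    for proto in ("udp", "tcp"):
        rules.append(f"-A OUTPUT -p {proto} --dport 53 {new}")
    for host, port in whitelist:
        # Literal addresses only: iptables resolves a name once, at load time.
        addr = ipaddress.IPv4Address(host)  # raises ValueError on a hostname
        rules.append(f"-A OUTPUT -d {addr}/32 -p tcp --dport {_port(port)} {new}")
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"


if __name__ == "__main__":
    print(render_ruleset(WHITELIST, NOTEBOOK_PORT), end="")
```

The output is meant to be reviewed and then loaded with iptables-restore; IPv6 needs a separate ip6tables ruleset.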