On 10/16/07, TrixB4Kidz <[EMAIL PROTECTED]> wrote:
> Hey again.  I actually got a similar reply from William earlier today
> that I was going to append to this message (this post took quite some
> time to appear on google groups for whatever reason).  The particular
> attack that I described is preventable, but the fact that the users
> have full access to a shell creates the potential for large security
> vulnerabilities.  In particular, what about the other systems on your
> network?  You've just given everyone access to your system behind your
> firewall.  With this, I could easily write a script that punches a
> hole through your firewall and creates a pipe to one of your blocked
> ports.

The sage server isn't behind any firewall.  The math department
does have a firewall, but sage is "in front of it" rather than behind it.
That said, there are some services accessible from the server
that are only campus-accessible, e.g., library web servers.

> What I'm more concerned about is the fact that this model opens the
> rest of your network up.  I mean, the attacker is behind the firewall
> on a computer that is part of a campus's internal network.  One could
> build a crawler in Python that discovers the hidden network topology,
> port maps all of the systems, and sends the results back to their
> system via a raw socket or scp.  So even if your server is rock-solid,
> the attacker has still learned about several other potential entry
> points into your network.  Hence, the SAGE server could simply serve
> as a stepping stone into a larger-scale attack on the network.

It would be helpful if I blocked all outgoing connections from the notebook's
chroot jail.  I actually have planned to do so for a while, but haven't
got around to it.

A number of things would be more frustrating with this model, e.g.,
users couldn't use any of the network-aware databases that Sage has,
or pull up files in the notebook from elsewhere online.  But that's
perhaps not an unreasonable inconvenience for added security.

Actually, how do I set up networking in the chroot jail so processes
in the chroot can't create outgoing connections, but processes not
in the chroot can?

-- 
William Stein
Associate Professor of Mathematics
University of Washington
http://wstein.org
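
One way to get the behaviour asked about above, as an added example that is not part of the original message: chroot does not isolate the network stack, so the filter keys on the owning account instead of the jail. It assumes Linux with iptables/ip6tables and that every jailed notebook process runs as a dedicated account (hypothetical name `sagenb`); the chain name `JAIL_OUT` is also an assumption.

```shell
#!/bin/sh
# Added example: generate netfilter rules that stop one account from opening
# new outbound connections while every other local user is unaffected.
# Assumptions: Linux with iptables/ip6tables; every process in the notebook
# chroot runs as a dedicated account (hypothetical name: sagenb).

JAIL_CHAIN="JAIL_OUT"   # hypothetical chain name

# Print the rules for the given account, one command per line.
gen_rules() {
    jail_user="$1"
    # Accept only a plain account name; the output is later fed to a shell.
    case "$jail_user" in
        ""|-*|*[!A-Za-z0-9_-]*) echo "invalid account name" >&2; return 1 ;;
    esac
    # Rule order inside the chain:
    #   1. loopback stays open (local services on the same host)
    #   2. replies on connections that clients opened to the notebook pass
    #   3. anything else is a new outbound connection: log it, then reject
    for ipt in iptables ip6tables; do   # cover IPv6 too, or it is a bypass
        cat <<EOF
$ipt -N $JAIL_CHAIN
$ipt -A OUTPUT -m owner --uid-owner $jail_user -j $JAIL_CHAIN
$ipt -A $JAIL_CHAIN -o lo -j RETURN
$ipt -A $JAIL_CHAIN -m state --state ESTABLISHED,RELATED -j RETURN
$ipt -A $JAIL_CHAIN -j LOG --log-prefix jail-out-blocked:
$ipt -A $JAIL_CHAIN -j REJECT
EOF
    done
}

# Apply the rules (needs root); stops at the first failing command.
apply_rules() {
    rules=$(gen_rules "$1") || return 1
    printf '%s\n' "$rules" | sh -e
}

# Usage: script --print sagenb   (review)   or   script --apply sagenb
case "${1:-}" in
    --print) gen_rules "${2:-}" ;;
    --apply) apply_rules "${2:-}" ;;
esac
```

The owner match only sees locally generated packets in the OUTPUT chain, so processes running under any other account keep full outbound access.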
