Frank Ch. Eigler wrote:
Bryan Che <bche@xxxxxxxxxx> writes:
[...] Ideally, we could include the client software for computation
as part of Fedora distributions and build out a large, million+ node
open grid for things like Fedora infrastructure tasks, scientific
computing, or socially-beneficial work. [...]
Could you say a word or two about the security implications of this
proposal? How would you convince a random fedora user that installing
this is safe to his machine / data / resources?
- FChE
I'll tell you what can be done to help keep a user's machine safe,
but not how to convince a random Fedora user.
There are at least two possible approaches here: restrict applications
or use virtualization. They both depend on what you want to run on your
system and who you trust. The first possibility would be to restrict
execution to only programs that you approve, potentially those packaged
and distributed by the Fedora community. For instance, if you were
donating CPU cycles for building Fedora packages you may only want to
let mock run on your system. You'd be trusting the Fedora community to
provide both a mock implementation that was not malicious and input to
mock that was not malicious. The second possibility would be to restrict
execution to within a virtual machine, for as much as you are willing to
trust a VM as a security container. For instance, you could allow anyone
to execute any program they wanted on your system except you really only
let them run in a dedicated Xen domU on your system, which may or may
not have network access.
SELinux is also of interest here. There is an internship available
(IRC37406) to investigate policies for not only controlling what Condor
daemons are allowed to do but also what Condor jobs can do.
Best,
matt
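As an added illustration of the first approach described above (restricting execution to programs the host owner approves), here is a small allowlist-enforcing job launcher. It is example code written for this page, not Condor's or Fedora's own software; the allowlist contents (`/usr/bin/mock`), the function names and the resource limits are assumptions chosen for the example.

```python
"""Allowlist-based job launcher (added illustration, not Condor/Fedora code).

The host owner approves a fixed set of programs; anything else requested by
the grid is refused, and approved jobs run under CPU, memory and process
limits so a misbehaving job cannot exhaust the donated machine.
"""
import os
import resource
import subprocess

# Hypothetical allowlist: absolute paths the machine owner has approved.
APPROVED_PROGRAMS = frozenset({"/usr/bin/mock"})


def resolve_requested_program(argv0):
    """Canonicalise the requested program path so that symlinks, relative
    components and '..' cannot be used to name an unapproved binary."""
    if not os.path.isabs(argv0):
        # A bare name such as "mock" would be looked up via PATH; refuse it.
        return None
    return os.path.realpath(argv0)


def is_approved(argv, approved=APPROVED_PROGRAMS):
    """Return True only if argv[0] canonicalises to an approved program."""
    if not argv:
        return False
    real = resolve_requested_program(argv[0])
    return real is not None and real in approved


def apply_limits(cpu_seconds=3600, mem_bytes=2 * 1024 ** 3, nproc=256):
    """preexec hook: cap CPU time, address space and process count of the job."""
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    resource.setrlimit(resource.RLIMIT_NPROC, (nproc, nproc))


def run_job(argv, workdir):
    """Run an approved job with a minimal environment and resource limits.

    Raises PermissionError for anything outside the allowlist; returns the
    job's exit status otherwise.
    """
    if not is_approved(argv):
        raise PermissionError("program not in host allowlist: %r" % (argv[:1],))
    completed = subprocess.run(
        argv,
        cwd=workdir,
        env={"PATH": "/usr/bin:/bin"},  # do not inherit the owner's environment
        preexec_fn=apply_limits,
        check=False,
    )
    return completed.returncode


if __name__ == "__main__":
    # Constructed requests: one approved, two that must be refused.
    for request in (["/usr/bin/mock", "--version"], ["mock"], ["/bin/sh", "-c", "id"]):
        print(request[0], "approved" if is_approved(request) else "refused")
```

The allowlist check is deliberately done on the canonical path rather than the string the job supplied, and the job gets a fresh environment instead of the owner's; pairing this with an unprivileged account or a dedicated VM, as the mail suggests, is what limits the damage if the approved program itself turns out to be buggy.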
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board