[rc5] V3 Questions and Concerns

Sebastian Kuzminsky kuzminsk at taussky.cs.colorado.edu
Fri Oct 24 13:11:11 EDT 1997


Chris Arguin <Chris.Arguin at unh.edu> wrote:
] That being the case, we are then downloading and executing programs in an
] unsupervised fashion. Now, I know that there is relatively little risk.
] Someone would either have to subvert one of the proxies (of which there
] are only a few, well-known ones), or interrupt the program-transfer
] mid-stream to send their own, potentially malicious program. Even so, as
] long as the client doesn't require root access (and it shouldn't), most
] OSes will be relatively protected.


   This is certainly a serious problem.  Much of the allure of Java is
that it allows this kind of thing (download and run random code)
securely.  As has been shown, Java is not fast enough to be usable in
the distributed.net effort yet, so we have to do something else.


   It's been said before but I'll say it again:  There is no substitute
for having source code.


   In most contemporary operating systems, there exist facilities for
running programs natively in a sandbox.  For example, in Unix I can
create a special user ('distributed'), and run distributed.net clients
as that user in a nice'd, chroot'ed, setrusage'ed environment.  The
client program can still run amok and freak out, but it's not going to
hurt my system, and I can just step in and kill it.


   Perhaps it would be useful to develop and distribute a wrapper for
these clients that allows the administrator to configure the amount of
resources they are willing to part with.

   And no; there is just no way that I would run an suid root binary off
the net.

Sebastian
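As an added illustration (not part of Sebastian's message or of distributed.net's own tooling), here is a sketch of the wrapper he proposes: a POSIX shell script that runs a downloaded client as a dedicated unprivileged user inside a chroot, with nice and ulimit applied, and refuses a setuid/setgid binary outright. The user name, chroot path, limit values and the GNU `chroot --userspec` option are assumptions.

```shell
#!/bin/sh
# Hypothetical sandbox wrapper for an untrusted, downloaded compute client.
# All names, paths and limit values below are example defaults.
set -eu

SANDBOX_USER="${SANDBOX_USER:-distributed}"      # dedicated unprivileged account
SANDBOX_ROOT="${SANDBOX_ROOT:-/var/lib/sandbox}" # chroot holding the client
NICE_LEVEL="${NICE_LEVEL:-19}"                   # lowest scheduling priority
CPU_SECONDS="${CPU_SECONDS:-unlimited}"          # ulimit -t; the client is CPU-bound
MEM_KB="${MEM_KB:-65536}"                        # ulimit -v: address space in KiB
FSIZE_KB="${FSIZE_KB:-1024}"                     # ulimit -f: largest file it may write
NPROC="${NPROC:-5}"                              # ulimit -u: no fork bombs

# Soft limits the client's shell sets on itself before exec. An unprivileged
# process may lower these but can never raise them again.
build_limits() {
    printf 'ulimit -S -t %s -v %s -f %s -u %s -c 0' \
        "$CPU_SECONDS" "$MEM_KB" "$FSIZE_KB" "$NPROC"
}

# Command line run inside the chroot: apply limits, drop priority, then exec.
# $1 is the client path relative to the chroot root; the rest are its args.
build_inner_command() {
    printf '%s; exec nice -n %s %s' "$(build_limits)" "$NICE_LEVEL" "$*"
}

# Succeeds only if the file carries neither the setuid nor the setgid bit.
reject_suid() {
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

run_sandboxed() {
    [ "$(id -u)" -eq 0 ] || { echo "need root to chroot and switch user" >&2; return 1; }
    reject_suid "$SANDBOX_ROOT/$1" || { echo "refusing setuid/setgid client: $1" >&2; return 1; }
    # GNU chroot --userspec switches to the sandbox user before running the shell,
    # so the limits and the client itself never run with root privileges.
    exec chroot --userspec="$SANDBOX_USER:$SANDBOX_USER" "$SANDBOX_ROOT" \
        /bin/sh -c "$(build_inner_command "$@")"
}

# Usage (as root):  sh sandbox-wrapper.sh run /client/rc5des -quiet
if [ "${1:-}" = "run" ]; then shift; run_sandboxed "$@"; fi
```

The limit and command builders are kept separate from the privileged step so the exact command line can be inspected before anything is run as root.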
