[rc5] V3 Questions and Concerns

Chris Arguin Chris.Arguin at unh.edu
Fri Oct 24 15:37:19 EDT 1997


On Fri, 24 Oct 1997, Sebastian Kuzminsky wrote:

> Chris Arguin <Chris.Arguin at unh.edu> wrote:
> ] That being the case, we are then downloading and executing programs in an
> ] unsupervised fashion. Now, I know that there is relatively little risk.
> ] Someone would either have to subvert one of the proxies (of which there
> ] are only a few, well-known ones), or interrupt the program-transfer
> ] mid-stream to send their own, potentially malicious program. Even so, as
> ] long as the client doesn't require root access (and it shouldn't), most
> ] OSes will be relatively protected.
> 
> 
>    This is certainly a serious problem.  Much of the allure of Java is
> that it allows this kind of thing (download and run random code)
> securely.  As has been shown, Java is not fast enough to be usable in
> the distributed.net effort yet, so we have to do something else.
> 
> 
>    It's been said before but i'll say it again:  There is no substitute
> for having source code.
> 
> 
>    In most contemporary operating systems, there exist facilities for
> running programs natively in a sandbox.  For example, in Unix i can
> create a special user ('distributed'), and run distributed.net clients
> as that user in a nice'd, chroot'ed, setrusage'ed environment.  The
> client program can still run amok and freak out, but it's not going to
> hurt my system, and i can just step in and kill it.

But look at the top three groups from the RC5 effort. MacOS, Linux, and
OS/2 Warp. People using Linux certainly have the usual Unix compilers and
security (I know, I run Linux). I can't speak with any certainty about
MacOS, but I hazard that it doesn't come with a compiler, and I believe it
is single-user. OS/2 Warp doesn't come with a compiler, and AFAIK, there
are no provisions for the necessary level of security.

Windows 95 falls in the same boat. Windows NT doesn't come with a
compiler, but at least it has *some* security.

Basically what I am getting at is this: While distributing source code is
a GOOD thing, it won't work for everyone. Too many people have Win95.

Of course, it could be done two ways. Distributed source for those who
want it and have the facilities for it, and precompiled, automatically
downloadable clients for those who don't care. But I find that solution
somewhat distasteful.

>    Perhaps it would be useful to develop and distribute a wrapper for
> these clients that allows the administrator to configure the amount of
> resources they are willing to part with.
> 
> 
>    And no; there is just no way that i would run an suid root binary off
> the net.
> 

--
Chris Arguin                 | "...All we had were Zeros and Ones -- And 
cpa at hopper.unh.edu           |  sometimes we didn't even have Ones."
                             +--------------+	- Dilbert, by Scott Adams
http://leonardo.sr.unh.edu/arguin/home.html |
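
The Unix confinement and resource-limiting wrapper discussed in the quoted text (special user, nice, chroot, resource limits), sketched as an added example that is not part of either message or of any distributed.net code. The function name `run_confined`, its parameters, and the busy-loop stand-in for a client are hypothetical; it assumes Linux, and the chroot and uid drop only take effect when the wrapper is started as root.

```python
import os
import resource
import signal
import subprocess
import sys


def _cap(which, value):
    """Set soft and hard limit to value, never above the hard limit already in force."""
    _, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def run_confined(argv, cpu_seconds, mem_bytes, niceness=19,
                 jail=None, uid=None, gid=None, wall_timeout=60):
    """Run argv niced and resource-capped; chroot and uid drop apply only when root."""
    def confine():
        # Executed in the child after fork() and before exec().
        current = os.nice(0)
        if niceness > current:
            os.nice(niceness - current)
        _cap(resource.RLIMIT_CPU, cpu_seconds)   # a runaway loop gets killed
        _cap(resource.RLIMIT_AS, mem_bytes)      # address-space ceiling
        _cap(resource.RLIMIT_CORE, 0)            # no core dumps
        if os.geteuid() == 0:
            if jail:
                os.chroot(jail)                  # argv[0] must exist inside the jail
                os.chdir("/")
            if gid is not None:
                os.setgroups([])                 # drop supplementary groups first
                os.setgid(gid)
            if uid is not None:
                os.setuid(uid)                   # last step: cannot be undone
    return subprocess.run(argv, preexec_fn=confine, capture_output=True,
                          text=True, timeout=wall_timeout)


if __name__ == "__main__":
    # Constructed stand-in for a client that "runs amok": a busy loop.
    spin = [sys.executable, "-c", "while True: pass"]
    result = run_confined(spin, cpu_seconds=1, mem_bytes=1 << 30)
    print("terminated by signal", signal.Signals(-result.returncode).name)
```

The order inside `confine()` matters: limits and chroot are applied while still privileged, and the uid drop comes last so the child cannot raise the limits or leave the jail afterwards.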

