On 10/16/07, Timothy Clemans <[EMAIL PROTECTED]> wrote:
> William do you really think the notebooks can be vandalized?

Yes. The only secure computer is one that is not connected to the internet
and is behind a secure wall with armed guards, etc. It helps if the computer
is broken too. Security for machines offering services online is just a
matter of degrees.

> > > > If I remember right William welcomes people to try to vandalize the
> > > > notebook server at https://sage.math.washington.edu:8102
> >
> > No I don't!
>
> The e-mail below is what I was thinking of.

touché. You're right. But seriously, I didn't mean that people should
try to vandalize that one forever. Thanks for forwarding my email.

William

> ---------- Forwarded message ----------
> From: William Stein <[EMAIL PROTECTED]>
> Date: Jun 27, 2007 12:39 AM
> Subject: [sage-devel] Re: SAGE notebook 2
> To: sage-devel@googlegroups.com
>
> Hi,
>
> SUMMARY: I've made the public SAGE notebook servers
> nontrivial to seriously vandalize or kill... I hope. Try to
> crack them (especially https://sage.math.washington.edu:8102).
>
> DETAILS:
>
> For the first time in history I've finally set up a first
> not totally-insanely-trivial-to-vandalize server in
> the chroot jail on sage.math. In fact all three
> servers:
>
>     https://sage.math.washington.edu:8100
>     https://sage.math.washington.edu:8101
>     https://sage.math.washington.edu:8102  <--- please hack me.
>
> are so configured.
>
> What happens is that each user worksheet runs as a separate
> user from the notebook server itself. In fact, there is a rotating
> pool of 30 worksheet users. It should now be *extremely* difficult
> for a user of the notebook to kill the notebook process itself,
> or delete vital user data.
>
> So, for the first time ever, I invite you to please try to see if you
> can kill the
> notebook server. Let's restrict the attacks to the one on port 8102.
> See if you break it by running malicious commands in a worksheet.
>
> NOTE: It is, of course, trivial to denial-of-service sage.math by just
> running lots
> and lots of processes at once.
> Please don't do that.
>
> William
>
>
> On 10/16/07, William Stein <[EMAIL PROTECTED]> wrote:
> >
> > On 10/16/07, Robert Bradshaw <[EMAIL PROTECTED]> wrote:
> > > > The public notebook servers on sage.math.washington.edu are jailed
> > > > (http://sagemath.org/doc/html/inst/node10.html). Also there is a pool
> > > > of 30 unix users that are used to evaluate worksheet code. That
> > > > protects the main notebook system from a random user. Ulimit is also
> > > > used.
> > > >
> > > > If I remember right William welcomes people to try to vandalize the
> > > > notebook server at https://sage.math.washington.edu:8102
> >
> > No I don't!
> >
> > Basically, the situation with the public notebooks is that they will
> > remain up as a sort of "public service" until somebody actually
> > visibly vandalizes them, or uses them for nefarious purposes that
> > are noticed and reported to me, at which time they will be taken
> > down indefinitely. At that point I'll replace them by a closed notebook
> > that only people I explicitly give accounts to will have access to.
> > They have been "open" now for about 18 months -- it surprises
> > me that I haven't had to switch to a closed system yet.
> >
> > > I don't think vandalization is explicitly encouraged, however we
> > > would love to have feedback on how to make the current setup more
> > > secure. Making the python interpreter environment secure (e.g.
> > > disabling/remapping os.system) without crippling SAGE is probably an
> > > intractable problem, but running SAGE sessions with limited users
> > > with limited ulimit and permissions, and running the entire process
> > > in a jail, can serve to mitigate the problem.
> >
> > Which is exactly what we do.
> >
> > > You are right in pointing out that the SAGE server is not completely
> > > secure, and it would be great if you could help us secure it further.
> >
> > Yes, I agree.
> > I also agree that making the SAGE notebook server
> > "100% secure" while allowing arbitrary people to sign up for
> > accounts with no accountability is a completely unsolvable problem.
> > That said, ideas for making it "more secure" without making it impossibly
> > hard to use, are always appreciated.
> >
> > William
> >
>
> --~--~---------~--~----~------------~-------~--~----~
> To post to this group, send email to sage-devel@googlegroups.com
> To unsubscribe from this group, send email to [EMAIL PROTECTED]
> For more options, visit this group at
> http://groups.google.com/group/sage-devel
> URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
> -~----------~----~----~----~------~----~------~--~---
>

--
William Stein
Associate Professor of Mathematics
University of Washington
http://wstein.org
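
The confinement discussed in this thread (worksheet code run under a rotating pool of unprivileged Unix users, with ulimit-style limits), as an added example that is not part of the original messages and is not SAGE's own code. `WorkerPool`, `run_cell`, the limit values and the uids are hypothetical, and each pool user is assumed to have a gid equal to its uid.

```python
import itertools
import os
import resource
import subprocess
import sys

# Constructed per-cell limits (values are assumptions, not from the thread).
LIMITS = {
    resource.RLIMIT_CPU: 1,              # seconds of CPU time
    resource.RLIMIT_FSIZE: 1024 * 1024,  # bytes per file written
    resource.RLIMIT_CORE: 0,             # no core dumps
}


class WorkerPool:
    """Hands out unprivileged uids in rotation, like the pool of worksheet users."""

    def __init__(self, uids):
        self._uids = itertools.cycle(uids)

    def next_uid(self):
        return next(self._uids)


def _confine(uid):
    """Build the hook that runs in the child between fork() and exec()."""
    def hook():
        for res, want in LIMITS.items():
            hard = resource.getrlimit(res)[1]
            # Never try to raise a hard limit the parent already lowered.
            cap = want if hard == resource.RLIM_INFINITY else min(want, hard)
            resource.setrlimit(res, (cap, cap))
        if uid is not None:       # dropping privileges requires root
            os.setgroups([])      # shed supplementary groups first
            os.setgid(uid)        # assumes each pool user has gid == uid
            os.setuid(uid)        # irreversible: real, effective and saved uid
    return hook


def run_cell(code, uid=None, timeout=10):
    """Run one worksheet cell in a confined child; return (exit status, stdout)."""
    proc = subprocess.run(
        [sys.executable, "-I", "-c", code],
        preexec_fn=_confine(uid), stdin=subprocess.DEVNULL,
        capture_output=True, text=True, timeout=timeout,
    )
    return proc.returncode, proc.stdout
```

Passing `uid=pool.next_uid()` only works when the launcher itself runs as root; without it the child is resource-limited but still shares the server's account.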