On 01/09/12 15:00, Nils Bruin wrote:
> 
> Via the absolutely zero-configuration one-time certificate opening of
> the notebook, I agree. However, on a machine with multi-account login
> (nearly any unix/linux/mac workstation in a department network), even
> listening on localhost provides a larger attack surface. If I'm
> running notebook() and someone logs in to the machine and connects to
> the notebook, there is now another way someone could try to run code
> under a different (my!) identity. Normally people will probably not
> realize that by starting notebook() they are increasing their attack
> surface. I don't think including GnuTLS solves this problem, so I'm
> not against dropping it.
> 
> Are there things we can do to improve (perceived) security around this?
> 

I just spent thirty seconds starting a notebook (bringing my total
notebook usage up to about thirty-seconds-worth): don't you need a
username/password to run sage code?

If there's a bug in the web server software, it could allow "remote"
execution over localhost. Otherwise, it looks to me like you have to log
in to do any damage.

Sending your admin password over the loopback interface unencrypted is
safe, since only root can sniff it.

-- 
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to 
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
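
Added example, not part of the original messages: an audit sketch for the multi-account concern raised in this thread. It parses text in the Linux `/proc/net/tcp` layout, finds services listening only on loopback, and reports established connections to them made under a different UID. The sample rows, port 8000 and the UIDs are constructed; IPv4 and a little-endian host are assumed.

```python
import socket
import struct

LISTEN, ESTABLISHED = "0A", "01"

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# uid 1000 listens on 127.0.0.1:8000, uid 0 listens on 0.0.0.0:22, and
# uid 1001 holds a client connection to 127.0.0.1:8000 (both ends shown).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40002
   2: 0100007F:C350 0100007F:1F40 01 00000000:00000000 00:00000000 00000000  1001        0 40003
   3: 0100007F:1F40 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40004
"""

def _endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def _rows(text):
    """Yield (local, remote, state, uid) for each socket row after the header."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 8:
            yield _endpoint(f[1]), _endpoint(f[2]), f[3], int(f[7])

def loopback_listeners(text):
    """Map (ip, port) -> owner uid for sockets listening only on 127.0.0.0/8."""
    return {local: uid for local, _, st, uid in _rows(text)
            if st == LISTEN and local[0].startswith("127.")}

def foreign_clients(text):
    """Established connections to a loopback listener made by a different uid."""
    owners = loopback_listeners(text)
    return [(uid, local, remote) for local, remote, st, uid in _rows(text)
            if st == ESTABLISHED and remote in owners and uid != owners[remote]]

if __name__ == "__main__":
    # On a real Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for uid, src, dst in foreign_clients(SAMPLE):
        print(f"uid {uid} connected from {src} to loopback service {dst}")
```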
