On Sep 24, 12:22 am, Maike <[EMAIL PROTECTED]> wrote:
Hi Maike,
> We'd like to set up a sage server allowing different users to see,
> copy and edit our published worksheets. However, this allows users to
> execute arbitrary system calls, e.g.> os.popen("ps auxw").read()
Yes, any account on a Notebook server hands the user a shell, so you
either trust them or you secure the server itself.
> The formatting of the output is not perfect, but still, this is a
> problem!
>
> I'd be grateful for any suggestions on how to set up a SECURE sage
> server. If this has been covered elsewhere, just post the link...
There are a couple possibilities:
a) a chroot jail
b) a VMWare image (or some other kind of virtualization)
c) SELinux, potentially in combination with (a)
None of the above is simple and securing a server so that it runs with
SELinux is difficult. There is no documentation on how to do this yet.
I would favor (b), frequent backups of the Sage notebook data and some
intrusion detection system in the notebook in addition to keeping
kernel and all the other components current to avoid break ins. Since
you are running a VMware image it is easily resettable and the
likelyhood of breaking out of the VMWare image is relatively small. So
should you have somebody break into your box it is much easier to
reset an image than the server. If you come up with something we would
definitely like to hear about it.
> Thanks!
>
> Maike
Cheers,
Michael
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-support@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/sage-support
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
