On Sep 24, 12:22 am, Maike <[EMAIL PROTECTED]> wrote: Hi Maike,
> We'd like to set up a sage server allowing different users to see, > copy and edit our published worksheets. However, this allows users to > execute arbitrary system calls, e.g.> os.popen("ps auxw").read() Yes, any account on a Notebook server hands the user a shell, so you either trust them or you secure the server itself. > The formatting of the output is not perfect, but still, this is a > problem! > > I'd be grateful for any suggestions on how to set up a SECURE sage > server. If this has been covered elsewhere, just post the link... There are a couple possibilities: a) a chroot jail b) a VMWare image (or some other kind of virtualization) c) SELinux, potentially in combination with (a) None of the above is simple and securing a server so that it runs with SELinux is difficult. There is no documentation on how to do this yet. I would favor (b), frequent backups of the Sage notebook data and some intrusion detection system in the notebook in addition to keeping kernel and all the other components current to avoid break ins. Since you are running a VMware image it is easily resettable and the likelyhood of breaking out of the VMWare image is relatively small. So should you have somebody break into your box it is much easier to reset an image than the server. If you come up with something we would definitely like to hear about it. > Thanks! > > Maike Cheers, Michael --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-support@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-support URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---