Vadim Gutnik <[email protected]> writes: >> Anyway, if you just want the hack that turns off submit host checking, >> I can send the diff to you offline -- I have no problem with sharing >> it here, but it really is a security issue > > Everybody (else) in the world runs servers that have no root exploits, > on secure networks > with secure authenticated filesystems? Wow. :)
Indeed, and rhosts-style security isn't worth that much. At the risk of being savaged again for referring to it: for anyone who might not realize, "... The assumption is made that the Grid Engine cluster is not exposed to any malicious attacks." <http://arc.liv.ac.uk/repos/darcs/sge/source/security/security.html>. [I'm puzzled by the current alert about torque that suggests it doesn't even default to host-based checking (confirmed by the doc), and people are running open to the world without it truned on. I'm often puzzled by gridpp, though. Does anyone know how torque control of submision works generally?] The GE security stuff needs sorting out, I think. The hostname check should be optional, perhaps as a "security method" in the same way as e.g. csp, and the methods shouldn't be mutually exclusive (like afs _or_ gss). -- Excuse the typping -- I have a broken wrist _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
