Because we now allow arbitrary code to be executed in easyconfig (.eb) files, that's a major security issue.
Easyconfig files can easily be passed between users of EasyBuild, and they can execute totally arbitrary code (e.g. rm -rf * in the user's home directory).
We need to find a way to remedy that.
One suggestion is to limit what can be done in an easyconfig file (suggested by @nudded):
As discussed earlier via VOS protocol (=Voice Over Soundwaves :-), the easyconfig files per se are not a security risk; as a simple trojan patch file can prove, the complete compilation business is a very risky endeavor.
This is for example relevant when we do automated pkgsrc based easybuild compilations: how can someone trust that none of the 20000 packages' Makefiles will do something funny? IMHO, you can't: something in there might contaminate the rest of the process; of course, this is the same issue as port-based systems & has similar remedies.
(i.e. containment of the risk by using an unprivileged account etc).
Now, as regards python, if we really think that there is a risk, the following might be of interest: http://pypy.org/features.html#sandboxing
(i.e. --sandboxing would be calling for execution under pypy, perhaps in a module in itself)
easy_install actually also sets up a big sandbox for each installation.
What @boegel proposes is a sort of sandbox, although one that can be easily broken out of.
However, I do agree that whilst this is an issue, it's not any bigger than a lot of other possible things that might go wrong.
So I do propose to close this as wontfix.
I think we need another round of discussion (e.g. on a future hackathon) before we close this as wontfix.
On the one hand, I agree, but I also don't see why we shouldn't make it less easy to do nasty stuff by limiting what's possible in easyconfig files (e.g. by actually parsing them instead of just exec'ing them).
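The comment above suggests parsing easyconfig files instead of exec'ing them. The following is an added illustration of that idea, not code from EasyBuild itself: it walks the file with Python's `ast` module and accepts only top-level `name = <literal>` assignments, evaluating values with `ast.literal_eval` (which can build strings, numbers, lists, dicts and similar, but cannot call functions or import modules). Imports, calls, function definitions and any other statement are rejected with the offending line number. The sample easyconfig texts and parameter names are constructed for the example; the restriction to plain literals is an assumption about the format (string templates such as `%(name)s` would then be substituted after loading, rather than computed by Python expressions).

```python
"""Load an easyconfig-style file as data instead of executing it (example code)."""
import ast
from typing import Any, Dict, Tuple


class UnsafeEasyconfigError(ValueError):
    """Raised when the file contains anything other than literal assignments."""


def parse_easyconfig(text: str) -> Dict[str, Any]:
    """Return the parameters defined in `text` without running any of it.

    Only statements of the form `name = <literal>` at top level are accepted.
    Values go through ast.literal_eval, so expressions that call functions,
    access attributes or import modules are rejected rather than evaluated.
    """
    tree = ast.parse(text, mode="exec")  # builds the syntax tree; executes nothing
    params: Dict[str, Any] = {}
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            # Import, Expr (a bare call), FunctionDef, If, ... are all refused here.
            raise UnsafeEasyconfigError(
                f"line {node.lineno}: only assignments are allowed, got {type(node).__name__}"
            )
        if len(node.targets) != 1 or not isinstance(node.targets[0], ast.Name):
            raise UnsafeEasyconfigError(
                f"line {node.lineno}: only simple `name = value` assignments are allowed"
            )
        target = node.targets[0].id
        try:
            value = ast.literal_eval(node.value)  # literals only; no calls, no names
        except (ValueError, TypeError, SyntaxError):
            raise UnsafeEasyconfigError(
                f"line {node.lineno}: value for '{target}' is not a plain literal"
            ) from None
        params[target] = value
    return params


def check_easyconfig(text: str) -> Tuple[bool, str]:
    """Convenience wrapper: (True, 'ok') or (False, reason) instead of an exception."""
    try:
        parse_easyconfig(text)
    except UnsafeEasyconfigError as err:
        return False, str(err)
    return True, "ok"


# Constructed sample inputs (not real easyconfigs).
SAFE_EASYCONFIG = '''\
# benign file: nothing but literal assignments
name = "foo"
version = "1.2.3"
homepage = "https://example.invalid/foo"
description = "demo package"
toolchain = {"name": "GCC", "version": "12.3.0"}
sources = ["foo-1.2.3.tar.gz"]
sanity_check_paths = {"files": ["bin/foo"], "dirs": []}
moduleclass = "tools"
'''

UNSAFE_EASYCONFIG = '''\
name = "foo"
version = "1.2.3"
import os
os.system("rm -rf *")
'''

DYNAMIC_VALUE_EASYCONFIG = '''\
name = "foo"
version = open("VERSION").read()
'''


if __name__ == "__main__":
    for label, text in [("safe", SAFE_EASYCONFIG),
                        ("unsafe", UNSAFE_EASYCONFIG),
                        ("dynamic", DYNAMIC_VALUE_EASYCONFIG)]:
        print(label, check_easyconfig(text))
```

The important property is that the hostile file never reaches an interpreter: `ast.parse` only builds a tree, and the first disallowed statement stops processing before any value is even evaluated. Anything the format genuinely needs beyond literals (derived paths, version-dependent options) has to be expressed as data the loader interprets, which is exactly the trade-off the suggestion above implies.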
Moved to a later milestone, but keeping it open for now.