|
![](/i/fill.gif) |
Space Dude wrote:
> I have an online povray rendering farm and I happened to be the victim
> of a "hack" attempt already with it. The user was quite intelligent and
> used povray macros to edit my .login an .cshrc files on my machine.
> <pout> It actually worked and started to delete stuff, but thankfully I
> caught it in time and saved everything. So, kudos to whomever wrote it,
> but in the future, I'd like to stop those types of attacks if possible.
Initial reactions:
1) It sounds like POV-Ray was running as your user from some sort of
remotely executable script. If you're going to do something like that,
run it as a special user made expressly for the purpose, perhaps even
one who can't log in.
2) It's not a bad idea to have it run within chroot. That makes it
harder to clobber any files outside its isolated little sandbox (avoid
the myriad /tmp races, for instance, as well as keeping it out of your
own personal ~). Give it a little piece of your filesystem to call home
and put everything it needs there.
I'm not sure how your rendering farm is set up, so I can't be much more
specific in my advice.
-Mark Gordon
Post a reply to this message
|
![](/i/fill.gif) |