Comments (7)
I did explore solutions for this issue. I don't think there is any bulletproof way to solve this problem as long as node operators still have access to the computer. Typically, research papers focus on the fact that the codes are potentially malicious and the hosts are honest actors, not the other way round (i.e., hosts are malicious and codes are honest). Docker and other sandbox environments are designed based on the fact that hosts are honest actors.
Because of that design decision, I found no practical way to stop the node operator from SSHing into the docker containers. There are some workarounds (e.g., deleting the /bin/sh and /bin/bash programs in the container, obfuscating codes), but it does not seem like a way to solve the problem technically.
The best way to solve this issue is by detection and penalty. If the Flux benchmark can be updated to detect malicious behavior and kick them out of the queue when malicious behaviors are detected, that should be a good enough solution.
from flux.
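Added example, not part of the thread or of Flux's code: one form the detection idea above could take, assuming the operator enters containers through `docker exec` and that the input is the JSON printed by `docker events --format '{{json .}}'`. The function names, container name and sample events are constructed for illustration, and an operator with root can disable any host-side monitor, so this shows what detection can observe rather than a control.

```javascript
// Flag exec sessions opened inside containers, from Docker's event stream.
// Each input line is one JSON event as printed by
//   docker events --format '{{json .}}'
// Names below (parseExecEvent, findExecSessions, SAMPLE_EVENTS) are hypothetical.

const SHELLS = new Set(['sh', 'bash', 'ash', 'dash', 'zsh']);

// Return a normalized record for exec_create / exec_start events, else null.
function parseExecEvent(line) {
  let ev;
  try {
    ev = JSON.parse(line);
  } catch {
    return null; // truncated or non-JSON line: ignore rather than crash
  }
  if (!ev || ev.Type !== 'container' || typeof ev.Action !== 'string') return null;

  // Docker encodes the command in the action, e.g. "exec_create: /bin/sh"
  const m = /^exec_(create|start): ?(.*)$/.exec(ev.Action);
  if (!m) return null;

  const argv = m[2].trim().split(/\s+/).filter(Boolean);
  const attrs = (ev.Actor && ev.Actor.Attributes) || {};
  return {
    phase: m[1],
    container: attrs.name || (ev.Actor && ev.Actor.ID) || 'unknown',
    argv,
    time: ev.time,
    // Basename match, so /bin/sh and a copied /tmp/sh are both flagged
    isShell: argv.length > 0 && SHELLS.has(argv[0].split('/').pop()),
  };
}

// Report each exec once (on exec_create) so create/start pairs are not double counted.
function findExecSessions(lines) {
  return lines.map(parseExecEvent).filter((e) => e && e.phase === 'create');
}

// Constructed sample events (not captured from a real node).
const SAMPLE_EVENTS = [
  '{"Type":"container","Action":"start","Actor":{"ID":"c0ffee","Attributes":{"name":"fluxapp_demo"}},"time":1700000000}',
  '{"Type":"container","Action":"exec_create: /bin/sh","Actor":{"ID":"c0ffee","Attributes":{"name":"fluxapp_demo"}},"time":1700000100}',
  '{"Type":"container","Action":"exec_start: /bin/sh","Actor":{"ID":"c0ffee","Attributes":{"name":"fluxapp_demo"}},"time":1700000100}',
  '{"Type":"container","Action":"exec_create: cat /app/config.json","Actor":{"ID":"c0ffee","Attributes":{"name":"fluxapp_demo"}},"time":1700000200}',
  'not json',
];

console.log(findExecSessions(SAMPLE_EVENTS));
```

The second hit matters for the thread's point about deleting `/bin/sh`: reading a file with `cat` needs no shell, so the non-shell exec is reported as well.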
Those methods are always just workarounds, and we will play hide and seek with node operators if those are the methods we use to solve the issue. In addition, removing /bin/bash and /bin/sh always means that software deployers will lose the feature to execute shell scripts remotely (since most useful programs are removed).
Code obfuscation only means that it is difficult for a node operator to read the codes, but they can always change the codes completely if they wanted to.
from flux.
There is clearly no quick fix for this.
If we could introduce an Operational and Maintenance Mode for the Node and then not allow root access when in Operational mode (i.e. the only time apps can run).
We are renting the whole machine and require nothing else to be allowed to run.
We'd also need to change the root password and give node op sudo access only in Maintenance Mode.
from flux.
There is clearly no quick fix for this.
If we could introduce an Operational and Maintenance Mode for the Node and then not allow root access when in Operational mode (i.e. the only time apps can run).
We are renting the whole machine and require nothing else to be allowed to run. We'd also need to change the root password and give node op sudo access only in Maintenance Mode.
This. Removing sudo rights from node ops is the only valid security measure to ensure privacy for app owners. Clearly permit rules would be needed for host security updates and maintenance, reboot etc. This leads to a full custom OS for Flux as a solution. Or, as an interim, give up sudo rights as part of install from multitoolbox or something.
Is it worth pursuing other avenues in the meantime?
The way I always look at it - whatever obfuscation I'm doing, there are always ways of getting the data. Would I be happy putting ETH validation keys on there? No, okay.
from flux.
Could this be solved with encrypted private images at v4.0.0?
Applications that target nodes are called enterprise and get access to private images, secrets which is achieved by encrypting app specifications.
https://github.com/RunOnFlux/flux/releases/tag/v4.0.0
from flux.