Newsgroups: comp.parallel.pvm
From: Stefan Hinker <hinker@informatik.uni-wuerzburg.de>
Subject: Re: ANNOUNCING WPVM 1.0 !  PVM for MS WINDOWS
Organization: University of Wuerzburg, Germany
Date: 25 Sep 1995 08:35:29 GMT
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <445pkh$c5e@winx03.informatik.uni-wuerzburg.de>

Hello everyone!

Promising as it looks in general, the passage quoted below looks like a 
major security hazard:

>Using WPVM with PVM in an heterogeneous environment
>-----------------------------------------------------
>
>WPVM can coexist in a virtual machine with the original PVM.
>If the master of the virtual machine is WPVM, you have to give it
>information on how to access the UNIX machines to be enrolled in the environment.
>You have to be a owner of accounts on those UNIX machine and provide the WPVM master daemon
>with the username and passaword of your UNIX accounts (which should be the same in all the machines).
>Concerning the Windows machines, you don't have to worry about any security issues as Windows
>does not have any protection mechanisms. The rshell/rexec daemons implemented by WPVM do not
>worry about user authentication (they let anyone connect..).
>To configure the WPVM master daemon you should use the "Control-Manual Startup" menu.

Anyone could connect to the WPVM-master and use it to spawn processes on
the unix-Side of the virtual machine, being free to do anything the owner of 
the given account has a right to.  This looks like a big, wide open door
to a whole network to me!

Any comments and discussion highly welcome!

Greetings,
Stefan
-- 
===============================================================================
Stefan Hinker                         email: hinker@informatik.uni-wuerzburg.de
                Unix? Still working on it  :-))
===============================================================================


