Newsgroups: comp.parallel.pvm
From: bode@hubris.jpl.nasa.gov (Andy Boden)
Subject: Q: PVM Network Communication Behavior
Organization: Jet Propulsion Laboratory -- California Institute of Technology
Date: 28 Sep 1995 21:38:25 GMT
Message-ID: <44f4kh$hk0@elroy>

Greetings from Southern California,

I have a question for the real network gurus/PVM hackers.  This
question, or its answer, has far-reaching implications for anyone who
"mines cycles" on machines who are administered by folks who take
their security seriously.

Recently I ran into a problem starting PVM (v3.3.7) on some machines
that had previously worked fine (and were among the most productive in
my ensemble).  These machines were all in a single subnet, and all
managed by the same set of system manglers.  Through trial and error
we narrowed the culprit down to a set of implemented security
"features" that carefully controlled the types of TCP packets that
were recognized and acknowledged by these hosts.  So I contacted the
manglers to verify this speculation, and this is in fact the case.

Because the sysadmins were friendly folks, they were willing to help
me figure out exactly what PVM was trying to do, and what "holes" in
their security procedures would be required for me to get back to
work.  The following is a description of the network behavior of PVM
during startup and nominal operation made by such a sysadmin.  I
believe it to be correct, but I'm not particularly well qualified to
judge (I'm a physicist):

> Working interactively with Andy on configuring a filter hole for PVM
> from his machine I first tried both ports 512 (rexec) and 513
> (rlogin).  That did not work so I then opened a hole to allow all
> packets from hubris and captured them.  PVM apparently uses rexec to
> negotiate "random" ports above 1023 for data and command transfers.
> It also uses both TCP and UDP on these negotiated ports.  This
> behavior makes it impossible to set up a decent protocol filter.

This description of PVM behavior, presuming it's correct, makes my
security conscience sysadmin unhappy.  Presumably this prevents him
from simultaneously allowing me access and minimizing his security
risk if my machine is compromised.

So now I (finally) come to my questions:

1) Is there some way to control this connection behavior, say for
instance, that I define at pvmd startup the port number that PVM uses
for command and data communication?  This would allow the number of
enabled ports to be limited, minimizing the risk for unintended
access.

2) Is UDP a requrement for PVM functionality, or is there some
compile-time or run-time switch that one can use to only use TCP in
PVM communications?

3) Is such unsecure communication behavior a "feature" that has been
/is likely to be removed in PVM releases later than v3.3.7?

4) Is MPI better behaved in this network access respect?

Thank you in advance for your time and concern in these matters.


							- A.B.

