[visit-users] Building 1.11.1 svn 5827 problem

Meredith, Jeremy S. jsmeredith at ornl.gov
Fri Apr 3 17:00:53 EDT 2009


A couple things I should add about security and firewalls:

- for local launches, we use the loopback device -- as Marc may be hinting at, there's a good chance this means a firewall isn't your problem
- for remote launches, we also support an SSH tunneling paradigm that keeps your traffic secure by encrypting everything and should also keep you from having to poke any holes in your firewall

--
Jeremy Meredith
Oak Ridge National Laboratory


> -----Original Message-----
> From: Meredith, Jeremy S. [mailto:jsmeredith at ornl.gov]
> Sent: Friday, April 03, 2009 4:43 PM
> To: VisIt software users community
> Subject: Re: [visit-users] Building 1.11.1 svn 5827 problem
> 
> It should be at least as secure as any other user-space application
> that uses sockets.  Basically, VisIt comprises several UNIX processes,
> and they talk to each other using sockets.  But, the critical thing
> here is a security key -- we generate a random key that's different for
> each process launch, and it's passed over the encrypted SSH connection
> to the remote process, which is then expected to hand that back when
> connecting.  In fact, the connection works backwards from what you
> might expect -- your local process is the one that listens for incoming
> connections.  This is good on one hand because the local process is
> always the one making requests of the remote process, so if an attacker
> managed to spoof our protocol and somehow get the encrypted security
> key, there's still nothing useful he could really do.  And since this
> is all running in user space, not some system daemon, even an attack
> that somehow gets past all that and manages to get access to your
> system is not in a privile
> 
> If it helps, this was good enough to get approval from the security
> specialists at the DOE Labs.
> 
> --
> Jeremy Meredith
> Oak Ridge National Laboratory
> 
> 
> > -----Original Message-----
> > From: Daniel S Spicer [mailto:dsspicer1 at comcast.net]
> > Sent: Friday, April 03, 2009 4:23 PM
> > To: VisIt software users community
> > Subject: Re: [visit-users] Building 1.11.1 svn 5827 problem
> >
> > I was just talking to my one and only system guy and he wants to know
> > how Visit is using ports before he messes with my machine. Can you
> > enlighten me since he thinks this may be a security problem.
> >
> > Thanks,
> >
> > Dan
> >
> >
> > On Fri, 2009-04-03 at 14:40 -0400, Meredith, Jeremy S. wrote:
> > > Are you getting any errors printed to the console?  E.g. something
> > about GLX?  (A quick scan through previous error reports shows this
> as
> > one problem that can cause a hang at 98%.)
> > >
> > > Also, if possible, you might double-check to see if you have ports
> > 5600-5610 not blocked by a firewall, just in case it's a networking
> > issue.
> > >
> > > Ah, yes, I see Brad suggested -noconfig and -nowin.  Those are good
> > things to try, too.
> > >
> > > --
> > > Jeremy Meredith
> > > Oak Ridge National Laboratory
> > >
> > >
> > > > -----Original Message-----
> > > > From: Daniel S Spicer [mailto:dsspicer1 at comcast.net]
> > > > Sent: Friday, April 03, 2009 2:32 PM
> > > > To: VisIt software users community
> > > > Subject: Re: [visit-users] Building 1.11.1 svn 5827 problem
> > > >
> > > > Actually I missed looking into mdserver.1.vlog and found
> > > > Loaded full database plugin ZipWrapper version 1.0
> > > >  74 Exception: (LostConnectionException) SocketConnection.C, line
> > 159:
> > > > <The reason for the exception was not described>
> > > >  75 catch(LostConnectionException) MDServerApplication.C:288
> > > >  76 MDSERVER exited.
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, 2009-04-03 at 13:53 -0400, Sean Ahern wrote:
> > > > > Daniel S Spicer wrote:
> > > > > > I have successfully built Visit 1.11.1 svn 5827 on a Intel i7
> > with
> > > > 8GB
> > > > > > of DDR3 memory running Fedora 10. However, when I bring it up
> > for
> > > > the
> > > > > > first time it seems to hang during the "Creating plugin
> > > > Windows".OPening
> > > > > > window is always at 98% completed. Any suggestions how to
> > resolve
> > > > this
> > > > > > problem? The machine builds Visit in about 20minutes so I'm
> > willing
> > > > to
> > > > > > try another build.
> > > > >
> > > > > Turn on the debug logs and see what they tell you.
> > > > >
> > > > > See these two pages:
> > > > >
> > > > > http://visitusers.org/index.php?title=UserDebug
> > > > >
> > > > > http://visitusers.org/index.php?title=Debug_logs
> > > > >
> > > > > -Sean
> > > > >
> > > > > __
> > > > > Sean Ahern
> > > > > Oak Ridge National Laboratory
> > > > > 865-241-3748
> > > > > AIM: ornlsean
> > > > > --
> > > > > List subscription information:
> > > > https://email.ornl.gov/mailman/listinfo/visit-users
> > > > > Searchable list archives:
> https://email.ornl.gov/pipermail/visit-
> > > > users
> > > > > VisIt Users Wiki: http://visitusers.org/
> > > > > Frequently Asked Questions for VisIt:
> > http://visit.llnl.gov/FAQ.html
> > > > >
> > > >
> > > > --
> > > > List subscription information:
> > > > https://email.ornl.gov/mailman/listinfo/visit-users
> > > > Searchable list archives: https://email.ornl.gov/pipermail/visit-
> > users
> > > > VisIt Users Wiki: http://visitusers.org/
> > > > Frequently Asked Questions for VisIt:
> > http://visit.llnl.gov/FAQ.html
> > >
> > > --
> > > List subscription information:
> > https://email.ornl.gov/mailman/listinfo/visit-users
> > > Searchable list archives: https://email.ornl.gov/pipermail/visit-
> > users
> > > VisIt Users Wiki: http://visitusers.org/
> > > Frequently Asked Questions for VisIt:
> http://visit.llnl.gov/FAQ.html
> > >
> >
> > --
> > List subscription information:
> > https://email.ornl.gov/mailman/listinfo/visit-users
> > Searchable list archives: https://email.ornl.gov/pipermail/visit-
> users
> > VisIt Users Wiki: http://visitusers.org/
> > Frequently Asked Questions for VisIt: http://visit.llnl.gov/FAQ.html
> 
> --
> List subscription information:
> https://email.ornl.gov/mailman/listinfo/visit-users
> Searchable list archives: https://email.ornl.gov/pipermail/visit-users
> VisIt Users Wiki: http://visitusers.org/
> Frequently Asked Questions for VisIt: http://visit.llnl.gov/FAQ.html



More information about the visit-users mailing list