[petsc-users] petsc externalpackage directory
Barry Smith
bsmith at mcs.anl.gov
Tue Feb 2 23:17:51 CST 2016
> On Feb 2, 2016, at 11:08 PM, Jed Brown <jed at jedbrown.org> wrote:
>
> Satish Balay <balay at mcs.anl.gov> writes:
>
>> On Tue, 2 Feb 2016, Barry Smith wrote:
>>
>>> How do the "firewalls" help if users scp over the EXACT same files that the firewall blocked?
>>
>> I'm not sure how things are setup - but I suspect:
>>
>> - one can ssh on to the net [perhaps using a securecard]
>
> If you ssh with RemoteForward, then that host can ssh back to the client
> machine (without needing a password). This is very handy and also
> defeats the firewall.
I think Satish has it backwards; can can ssh and scp INTO the machine from outside, thus manually copy in tarballs and other sources of infection but you cannot ssh, scp, curl, wget or anything OUT of the machine to GET infected tarballs. Of course the end result is still that you have infected tarballs on your machine but now the sys admin can say it is your fault and not his or hers.
Barry
More information about the petsc-users
mailing list