Security posture of Julia?

[Rick Graham]

I couldn't find any network security related info in the Julia Documentation other than the SSHManager.  I noticed in Wireshark that using the default LocalManager sends Julia code in the clear on TCP ports of the localhost.  Has anyone done a security analysis of Julia?  For example, should the SSHManager be used even on the localhost to provide some privacy, etc.  How vulnerable to spoofing and DOS is Julia?

[Iain Dunning]

I'm unaware of any efforts in these directions. I'd guess that its not a high-priority given the typical use of those features - over local networks, in general, and through an ssh tunnel. If you have to use ssh on localhost then you are in a situation where you don't even trust your own machine, which is definitely higher security than I think anyone needs right now.

[Tim Holy]

I think it's also the case that things get done by people who are strong in
particular areas. Speaking for myself, I can say with certainty that awareness
about the subtleties of security is not one of my strengths. If it is one of
yours, I'd encourage you to consider taking a close look at whether there is
room for improvement.

Best,
--Tim

On Sunday, May 18, 2014 05:55:30 PM Iain Dunning wrote:
> I'm unaware of any efforts in these directions. I'd guess that its not a
> high-priority given the typical use of those features - over local
> networks, in general, and through an ssh tunnel. If you have to use ssh on
> localhost then you are in a situation where you don't even trust your own
> machine, which is definitely higher security than I think anyone needs
> right now.
>
> On Saturday, May 17, 2014 4:57:05 AM UTC-4, Rick Graham wrote:
> > I couldn't find any network security related info in the Julia

> > Documentation <http://julia.readthedocs.org/en/latest/> other than the
> > SSHManager<http://julia.readthedocs.org/en/latest/manual/parallel-computin
> > g/#clustermanagers>.>

[Keno Fischer]

I don't think we can reasonably be expected to develop a secure protocol. If you want security, you should do that on the transportation layer. If the localhost thing is of concern, perhaps running the parallel protocol over domain sockets would be a better idea. This should be straight forward if somebody does the work to expose it on the frontend (i.e. add a command that does it) since the IO abstraction over TCP and Domain sockets is the same. Of course you can never hide anything from people with root access. 

[Stefan Karpinski]

Perhaps using UNIX domain sockets by default when connecting to the same machine and SSH by default when connecting to other machines would be a good idea. That way you have the security of SSH over the network and the security of the permission system locally. Not sure what would be the analogous thing on Windows.

[Amit Murthy]

As things currently stand the connections between the workers are plain TCP, even in the case of SSHManager. The master process uses SSH to launch the workers and if tunneling is specified, to connect to the workers via an SSH tunnel. But the workers themselves use non-ssh connections to connect to each other. 

[Vilen Jumutc]

In some cases one might want to run julia code on separate clusters which are not directly visible to each other. So the need for SSH tunneling and imposing of some additional security checks is of a great interest. Please consider discussion here: https://github.com/JuliaLang/julia/issues/6256 and https://github.com/JuliaLang/julia/pull/6277. Personally I think we have to improve that part in implementation of julia!