NMRPipe is a NMR spectroscopy data analysis suite.
|Kappa||NSC||throughput cluster resource of 26 TFLOPS|
|Matter||NSC||cluster resource of 37 TFLOPS dedicated to materials science|
|Triolith||NSC||Capability cluster with 338 TFLOPS peak and 1:2 Infiniband fat-tree|
This program has considerable security issues that need to be addressed if installed on a multiuser system. It is recommended to set the permissions on the install directory to 700 prior to install and until all issues are solved.
- NMRPipe installs with many files and directories globally writable and executable. This means that anyone with access to the system can replace these programs with malicious programs. For example, it is trivial to produce a malicious program that sends your personal information and passwords to crackers.org and then executes the actual original program so you will never notice anything has gone wrong. This can be fixed at install using for example
chmod -R o-w .in the install directory.
- The nmrbin.*/nmrInit.com environment initialization script unnecessarily puts . first in $PATH, which means that all shell commands will be checked against matching files in the current working directory before execution, and if a matching executable is found, this program will be run instead. For example, it is trivial to construct a malicious program called cd, or ls, or ssh, or bruker, or any other command commonly used by NMRPipe users, and if an NMRPipe user happens to use any of these commands in a directory containing such a file, well see above for consequences. Notably, NMRPipe does not require or use this setting so it can (and SHOULD) be safely removed from nmrbin.*/nmrInit.com.
Tips and tricks
- NMRPipe claims to require using (t)csh shell, but actually doesn't. It requires a handful of environment variables to be set, and these can be trivially copied from nmrbin.*/nmrInit.com csh script.
- NMRPipe claims to require nmrbin.*/nmrInit.com to be sourced from the user's ~/.cshrc file, but actually doesn't, so users shouldn't. Especially since sourcing an unmodified nmrbin.*/nmrInit.com introduces potential security holes (see #Security considerations above).
No experts have currently registered expertise on this specific subject. List of registered field experts: