ROOT install - Security? Disable Networking? Disable Client/Server?

I have been requested to seek out information about configuring an installation of ROOT on a US government machine in the United States.

I have done some initial testing and found that I was able to build 5.28.000h and 5.36.34 on our SGI ICE Cluster and our Cray XC30 HPC Cluster.

My local security group is concerned about potential client/server use in our Kerberized environment, and asked the following questions:

I would appreciate a response as I have users requesting access to the software.

  1. Are there any known/published security issues?
    This request is for version 5.28, current looks
    to be about 6.10.

Note: I was able to build the 5.28.000h and 5.36.34 versions.

  2. It looks like this has client/server capability after all. See here for ROOT setting up a server
    and client, and passing an object, apparently without any form of authentication.

Can ROOT objects include scripts or other arbitrary executable
programs or shell commands?

What (if any) authentication does networked ROOT support?

Can the ROOT network capability be turned off in a config file
or maybe ./configure’d --disable’d, or patched out in the ROOT
source code?

It looks like the port is user-specified so firewalls/iptables
would not be able to provide mitigation.


AFAIK this is a military application; CERN members of personnel cannot help due to CERN’s “constitution” explicitly forbidding work related to military applications. Thanks for your understanding!

Cheers, Axel.