From 43ddf4ddb381728571eeb62d0cb16cd46a3ec04f Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin
Date: Tue, 10 Aug 2010 18:58:08 +0400
Subject: [PATCH] Add function job_unlink_file and use it in MOMs

It will unlink the given file, but prior to this it will set user/group IDs to the job owner if it is possible (e.g. function is invoked with UID = 0). This will prevent Torque MOM to unlink files that aren't owned by the job executor. For example, /dev/null won't be destroyed anymore.

Signed-off-by: Eygene Ryabinkin
---
 src/include/pbs_job.h | 1 +
 src/resmom/catch_child.c | 12 ++++++------
 src/resmom/job_func.c | 39 ++++++++++++++++++++++++++++++++++++++-
 src/resmom/requests.c | 2 +-
 4 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/src/include/pbs_job.h b/src/include/pbs_job.h
index fae2b0b..4d1e9c7 100644
--- a/src/include/pbs_job.h
+++ b/src/include/pbs_job.h
@@ -897,6 +897,7 @@ extern int init_chkmom(job *);
 extern void issue_track(job *);
 extern int job_abt(job **, char *);
 extern job *job_alloc();
+extern int job_unlink_file(job *pjob, const char *name);
 #ifndef PBS_MOM
 extern job *job_clone(job *,struct job_array *, int);
 #endif
diff --git a/src/resmom/catch_child.c b/src/resmom/catch_child.c
index 03913a1..cd2fb70 100644
--- a/src/resmom/catch_child.c
+++ b/src/resmom/catch_child.c
@@ -1283,9 +1283,9 @@ static void preobit_reply(
 int x; /* dummy */
 /* do this if not interactive */
- unlink(std_file_name(pjob, StdOut, &x));
- unlink(std_file_name(pjob, StdErr, &x));
- unlink(std_file_name(pjob, Checkpoint, &x));
+ job_unlink_file(pjob, std_file_name(pjob, StdOut, &x));
+ job_unlink_file(pjob, std_file_name(pjob, StdErr, &x));
+ job_unlink_file(pjob, std_file_name(pjob, Checkpoint, &x));
 }
 mom_deljob(pjob);
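Review bot: The three `job_unlink_file()` calls in this `preobit_reply` hunk discard the return value, and unlike the `unlink()` they replace, the new call can fail for ordinary reasons: the `setegid`/`seteuid` switch can fail, or the job owner may lack write permission on the containing directory. A failure then leaves the stdout, stderr or checkpoint file behind with nothing in the log. Check the result and log anything other than ENOENT in the style `job_purge` already uses, e.g. `if (job_unlink_file(pjob, path) < 0 && errno != ENOENT) log_err(errno, id, path);`, where `path` is the `std_file_name()` result and an `id` string is assumed to be in scope as it is in `job_purge`. The same applies to the `obit_reply` hunk that follows and to the `return_file` hunk in requests.c. The enclosing function starts and ends outside the hunk.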
@@ -1563,9 +1563,9 @@ static void obit_reply(
 {
 /* do this if not interactive */
- unlink(std_file_name(pjob, StdOut, &x));
- unlink(std_file_name(pjob, StdErr, &x));
- unlink(std_file_name(pjob, Checkpoint, &x));
+ job_unlink_file(pjob, std_file_name(pjob, StdOut, &x));
+ job_unlink_file(pjob, std_file_name(pjob, StdErr, &x));
+ job_unlink_file(pjob, std_file_name(pjob, Checkpoint, &x));
 }
 mom_deljob(pjob);
diff --git a/src/resmom/job_func.c b/src/resmom/job_func.c
index 4141b97..9552cfb 100644
--- a/src/resmom/job_func.c
+++ b/src/resmom/job_func.c
@@ -90,6 +90,8 @@
 * job_clone clones a job (for use with job_arrays)
 * job_clone_wt work task for cloning a job
 *
+ * job_unlink_file() unlinks a given file using job credentials
+ *
 * Include private function:
 * job_init_wattr() initialize job working attribute array to "unspecified"
 */
@@ -550,6 +552,41 @@ void job_free(
 /*
+ * job_unlink_file - unlink file, but drop root credentials before
+ * doing this to avoid removing objects that aren't belong to the user.
+ */
+int job_unlink_file(
+ job *pjob, /* I */
+ const char *name) /* I */
+ {
+ int saved_errno = 0, result = 0;
+ uid_t uid = geteuid();
+ gid_t gid = getegid();
+
+ if (uid != 0)
+ return unlink(name);
+
+ if ((setegid(pjob->ji_qs.ji_un.ji_momt.ji_exgid) == -1))
+ return -1;
+ if ((seteuid(pjob->ji_qs.ji_un.ji_momt.ji_exuid) == -1))
+ {
+ saved_errno = errno;
+ setegid(gid);
+ errno = saved_errno;
+ return -1;
+ }
+ result = unlink(name);
+ saved_errno = errno;
+
+ seteuid(uid);
+ setegid(gid);
+
+ errno = saved_errno;
+ return result;
+ } /* END job_unlink_file() */
+
+
+/*
 * job_init_wattr - initialize job working attribute array
 * set the types and the "unspecified value" flag
 */
@@ -682,7 +719,7 @@ void job_purge(
 strcat(namebuf,pjob->ji_qs.ji_fileprefix);
 strcat(namebuf,JOB_SCRIPT_SUFFIX);
- if (unlink(namebuf) < 0)
+ if (job_unlink_file(pjob, namebuf) < 0)
 {
 if (errno != ENOENT)
 log_err(errno, id, msg_err_purgejob);
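Review bot: The restore path in `job_unlink_file` ignores the results of `seteuid(uid)` and `setegid(gid)`, so if either fails MOM carries on with the job owner's effective IDs and nothing records it; the `setegid(gid)` in the error branch has the same gap. Check both before `errno = saved_errno` and log the failure, e.g. `if (seteuid(uid) == -1 || setegid(gid) == -1) log_err(errno, "job_unlink_file", "cannot restore effective uid/gid");`, and decide whether the daemon may keep running in that state. Only the effective uid and gid are switched, so the supplementary group list stays that of the root process and the unlink can still succeed through a group-writable directory the job owner could not modify; saving the list with `getgroups()` and replacing it with `setgroups()` around the call would close that. The header comment should also state that permission to unlink comes from the containing directory rather than from ownership of the file, and should document the return value and the errno contract.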
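Review bot: In the `job_purge` hunk the job script is now removed with the job owner's credentials, but `namebuf` is built from a path prefix that lies outside the hunk; if that directory is writable only by the MOM's own account, the unlink will fail with EACCES and the script stays on disk after the job is purged. The existing `log_err` call would report that on every purge but nothing recovers from it. Confirm who owns that directory, and if the file is one MOM creates itself under a private tree, keeping the plain `unlink(namebuf)` here is the safer choice, since the path would not be user-controlled in that case. It is also worth checking that `ji_exuid` and `ji_exgid` are populated for every job that reaches `job_purge`: if they are still 0, `job_unlink_file` performs the unlink as root and the protection silently disappears.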
diff --git a/src/resmom/requests.c b/src/resmom/requests.c
index b5d93ab..75a1bb7 100644
--- a/src/resmom/requests.c
+++ b/src/resmom/requests.c
@@ -690,7 +690,7 @@ static int return_file(
 close(fds);
 if (remove_file == TRUE && rc == 0)
- unlink(filename);
+ job_unlink_file(pjob, filename);
 return(rc);
 } /* END return_file() */
-- 
1.7.0.6