[Mauiusers] Maui LD_PRELOAD attack
miguel.ros at bsc.es
Thu Apr 10 00:24:47 MDT 2008
we have some problems with LD_PRELOAD attacks (with the
fakeroot program) to the mclient commands. With fakeroot,
an unprivileged user can increase his privileges to ADMIN1
I have made a patch in order to use client auth through the
command mauth. This command is in the source code but it
is not compiled by default.
After installed the patch, the file mauth should be at the path with
permissions 4755 and a random file with size between 512 and
1024 bytes named .moab.key has to be created in all nodes in
the cluster in the same directory as maui.cfg.
More information about the mauiusers