[Mauiusers] Maui LD_PRELOAD attack

Miguel Ros miguel.ros at bsc.es
Thu Apr 10 00:24:47 MDT 2008


Hi all,

we have some problems with LD_PRELOAD attacks (with the
fakeroot program) to the mclient commands. With fakeroot,
an unprivileged user can increase his privileges to ADMIN1
level easily.

I have made a patch in order to use client auth through the
command mauth. This command is in the source code but it
is not compiled by default.

After installed the patch, the file mauth should be at the path with
permissions 4755 and a random file with size between 512 and
1024 bytes named .moab.key has to be created in all nodes in
the cluster in the same directory as maui.cfg.

Regards,
Miguel


More information about the mauiusers mailing list