[Mauiusers] Maui LD_PRELOAD attack [PATCH attached]

Miguel Ros miguel.ros at bsc.es
Thu Apr 10 00:26:06 MDT 2008


Hi all,

we have some problems with LD_PRELOAD attacks (with the
fakeroot program) to the mclient commands. With fakeroot,
an unprivileged user can increase his privileges to ADMIN1
level easily.

I have made a patch in order to use client auth through the
command mauth. This command is in the source code but it
is not compiled by default.

After installed the patch, the file mauth should be at the path with
permissions root:root 4755 and a random file with size between 512 and
1024 bytes named .moab.key has to be created in all nodes in
the cluster in the same directory as maui.cfg with permissions root:root 600

Regards,
Miguel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mauth.patch
Type: text/x-patch
Size: 4567 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/mauiusers/attachments/20080410/d403374b/mauth.bin


More information about the mauiusers mailing list