[Mauiusers] Maui LD_PRELOAD attack

Paul Millar p.millar at physics.gla.ac.uk
Thu Apr 10 06:28:15 MDT 2008


Hi Miguel,

On Thursday 10 April 2008 08:24:47 Miguel Ros wrote:
> we have some problems with LD_PRELOAD attacks (with the
> fakeroot program) to the mclient commands. With fakeroot,
> an unprivileged user can increase his privileges to ADMIN1
> level easily.

IMHO, this is a non-issue.

Maui (and presumably, moab) does not provide user-level authentication, only 
host-level authentication via IP address.  The user-based authentication is a 
fig-leaf: the client specifies which user they are and the server believes 
them.  There's some effort to provide authenticated clients (a shared 
password), but it is ineffective and actually works against some production 
deployments.

This is in contrast to how torque provides security.  From memory, the client 
obtains a token from a suid binary.  The suid binary communicates with the 
server to obtain a challenge the server issues.  This works with privileged 
ports (<1024), so mandating the suid-bit.

HTH,

Paul.


More information about the mauiusers mailing list