[torquedev] Spool permissions check fix for FreeBSD

Garrick Staples garrick at clusterresources.com
Mon Nov 20 22:50:26 MST 2006


On Sun, Nov 19, 2006 at 11:03:44AM +0100, trasz at pin.if.uz.zgora.pl alleged:
> On 1118T1814, Garrick Staples wrote:
> > On Sat, Nov 18, 2006 at 03:38:38PM +0100, trasz at pin.if.uz.zgora.pl alleged:
> > > In FreeBSD, new files are created with group equal to the group of the
> > > containing directory, not with group of creating process.  Thus, files
> > > created in /var/spool/torque/spool have group 'wheel', which causes
> > > pbs_mom to fail with 'pbs_mom: open_std_file, std file exists with
> > > the wrong group, someone is doing something fishy' message when trying
> > > to run an OpenMPI job.
> > 
> > Why would the group be inherited?  You shouldn't have the group setid
> > bit on spool set.
> 
> On BSD it's always this way, even without setgid set.  From 
> http://www.freebsd.org/cgi/man.cgi?query=open&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html
> 
> 'When a new file is created it is given the group of the directory which
> contains it.'

Come to think of it, if the gid of spools is always 0, doesn't this
patch just make the gid check worthless on FreeBSD?

Does this reenable the original security problem?


