[torquedev] root exploit in torque?

Garrick Staples garrick at clusterresources.com
Fri Oct 20 13:56:43 MDT 2006


On Fri, Oct 20, 2006 at 09:21:09PM +0200, ?ke Sandgren alleged:
> On Fri, 2006-10-20 at 12:03 -0700, Martin Siegert wrote:
> > On Fri, Oct 20, 2006 at 08:59:33PM +0200, ?ke Sandgren wrote:
> > > On Fri, 2006-10-20 at 11:46 -0700, Martin Siegert wrote:
> > > > Hi,
> > > > 
> > > > I just came across this:
> > > > 
> > > > http://www.securityfocus.com/archive/1/449248/30/0/threaded
> > > > 
> > > > Has this been fixed? I cannot find anything in the Changelog
> > > > that refers to this flaw.
> > > 
> > > No there is currently no official patch.
> > > I have one that we are rolling out on our cluster right now but Garrick
> > > haven't finished looking at it yet.
> > > 
> > > The bug exists in ALL versions of PBS-Pro/OpenPBS/SPBS/Torque.
> > > (We have seen confirmation that PBS-Pro also have this)
> > > 
> > > I have patches for 1.0.1p6, 2.0.0p4, 2.0.0p6 and 2.1.2
> > 
> > Can you email me the patch for 2.1.2, please?
> 
> Ok, but for the time being i will not put it on torquedev or anything
> else public.

The exploit is public, no point in keeping fixes a secret :)




More information about the torquedev mailing list