[torquedev] root exploit in torque?

Åke Sandgren ake.sandgren at hpc2n.umu.se
Fri Oct 20 14:23:09 MDT 2006


On Fri, 2006-10-20 at 14:04 -0600, Garrick Staples wrote:
> On Fri, Oct 20, 2006 at 09:21:09PM +0200, Åke Sandgren alleged:
> > On Fri, 2006-10-20 at 12:03 -0700, Martin Siegert wrote:
> > > On Fri, Oct 20, 2006 at 08:59:33PM +0200, Åke Sandgren wrote:
> > > > On Fri, 2006-10-20 at 11:46 -0700, Martin Siegert wrote:
> > > > > Hi,
> > > > > 
> > > > > I just came across this:
> > > > > 
> > > > > http://www.securityfocus.com/archive/1/449248/30/0/threaded
> > > > > 
> > > > > Has this been fixed? I cannot find anything in the Changelog
> > > > > that refers to this flaw.
> > > > 
> > > > No, there is currently no official patch.
> > > > I have one that we are rolling out on our cluster right now but Garrick
> > > > hasn't finished looking at it yet.
> > > > 
> > > > The bug exists in ALL versions of PBS-Pro/OpenPBS/SPBS/Torque.
> > > > (We have seen confirmation that PBS-Pro also has this)
> > > > 
> > > > I have patches for 1.0.1p6, 2.0.0p4, 2.0.0p6 and 2.1.2
> > > 
> > > Can you email me the patch for 2.1.2, please?
> > 
> > Ok, but for the time being I will not put it on torquedev or anything
> > else public.
> 
> Why does the fix require anything more than adding O_EXCL when we open
> the spool files?

Since the files *.OU and *.ER are opened more than once in the code and
would need O_CREAT|O_EXCL protection in both places, which won't work.

run_pelog also opens these files.
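
Added example, not part of the original message and not the patch discussed in this thread: it shows why O_CREAT|O_EXCL cannot be used at two open sites for the same spool file, next to one possible way to make the second open safe. The helper names, the temporary directory, the file name and the constructed symlink standing in for a pre-existing spool entry are all assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* First open site: must create the file; fails if a file or symlink exists. */
static int spool_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Second open site (hypothetical hardening, not the TORQUE fix): no O_CREAT,
 * refuse symlinks, then validate the object behind the descriptor. */
static int spool_reopen(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Returns 0 if every step behaves as described, else the failing step. */
int demo(void) {
    char dir[] = "/tmp/spoolXXXXXX", ou[64], target[64];
    int fd;
    if (!mkdtemp(dir)) return 1;
    snprintf(ou, sizeof ou, "%s/1.host.OU", dir);      /* constructed name */
    snprintf(target, sizeof target, "%s/target", dir);
    if ((fd = spool_create(ou)) < 0) return 2;         /* first site creates */
    close(fd);
    if (spool_create(ou) != -1 || errno != EEXIST) return 3; /* second site fails */
    if ((fd = spool_reopen(ou, geteuid())) < 0) return 4;    /* validated reopen */
    close(fd);
    unlink(ou);
    if (symlink(target, ou) != 0) return 5;            /* pre-existing entry */
    if (spool_create(ou) != -1 || errno != EEXIST) return 6; /* O_EXCL refuses */
    if (spool_reopen(ou, geteuid()) != -1) return 7;   /* O_NOFOLLOW refuses */
    if (access(target, F_OK) == 0) return 8;           /* target never created */
    unlink(ou); rmdir(dir);
    return 0;
}

int main(void) { return demo(); }
```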


