[torquedev] root exploit in torque?
Garrick Staples
garrick at clusterresources.com
Fri Oct 20 16:17:59 MDT 2006
Here is my simple patch that seems to fix the problem, but Ake has been
studying this longer so I hope to get his confirmation.
Anyone else have any comments for this patch?
Index: src/resmom/start_exec.c
===================================================================
--- src/resmom/start_exec.c (revision 1053)
+++ src/resmom/start_exec.c (working copy)
@@ -678,7 +678,7 @@
int i;
int file_out = -2;
int file_err = -2;
- int filemode = O_CREAT | O_WRONLY | O_APPEND;
+ int filemode = O_CREAT | O_WRONLY | O_APPEND | O_EXCL;
/* if std out/err joined (set and != "n"), which file is first */
Index: src/resmom/requests.c
===================================================================
--- src/resmom/requests.c (revision 1053)
+++ src/resmom/requests.c (working copy)
@@ -2468,7 +2468,7 @@
/* redirect stderr to make error from rcp available to MOM */
- if ((fd = open(rcperr,O_RDWR|O_CREAT,0644)) < 0)
+ if ((fd = open(rcperr,O_RDWR|O_CREAT|O_EXCL,0644)) < 0)
{
sprintf(log_buffer,"can't open %s, error = %d",
rcperr,errno);
More information about the torquedev
mailing list