[torquedev] root exploit in torque?
Åke Sandgren
ake.sandgren at hpc2n.umu.se
Fri Oct 20 16:34:37 MDT 2006
On Fri, 2006-10-20 at 16:17 -0600, Garrick Staples wrote:
> Here is my simple patch that seems to fix the problem, but Ake has been
> studying this longer so I hope to get his confirmation.
>
> Anyone else have any comments for this patch?
>
>
> Index: src/resmom/start_exec.c
> ===================================================================
> --- src/resmom/start_exec.c (revision 1053)
> +++ src/resmom/start_exec.c (working copy)
> @@ -678,7 +678,7 @@
> int i;
> int file_out = -2;
> int file_err = -2;
> - int filemode = O_CREAT | O_WRONLY | O_APPEND;
> + int filemode = O_CREAT | O_WRONLY | O_APPEND | O_EXCL;
>
> /* if std out/err joined (set and != "n"), which file is first */
>
> Index: src/resmom/requests.c
> ===================================================================
> --- src/resmom/requests.c (revision 1053)
> +++ src/resmom/requests.c (working copy)
> @@ -2468,7 +2468,7 @@
>
> /* redirect stderr to make error from rcp available to MOM */
>
> - if ((fd = open(rcperr,O_RDWR|O_CREAT,0644)) < 0)
> + if ((fd = open(rcperr,O_RDWR|O_CREAT|O_EXCL,0644)) < 0)
> {
> sprintf(log_buffer,"can't open %s, error = %d",
> rcperr,errno);
Yes, contrary to my beliefs this morning this fixes the immediate
root-exploit.
There are still some slightly more obscure problems that i'm
investigating...
More info to come...
--
Ake Sandgren, HPC2N, Umea University, S-90187 Umea, Sweden
Internet: ake at hpc2n.umu.se Phone: +46 90 7866134 Fax: +46 90 7866126
Mobile: +46 70 7716134 WWW: http://www.hpc2n.umu.se
More information about the torquedev
mailing list