PATCH Re: [torquedev] root exploit in torque?
Garrick Staples
garrick at clusterresources.com
Fri Oct 20 17:06:07 MDT 2006
Here is a patch that fixes the reported issue, and two more related
problems that Ake found. Please test.
-------------- next part --------------
Index: src/resmom/start_exec.c
===================================================================
--- src/resmom/start_exec.c (revision 1053)
+++ src/resmom/start_exec.c (working copy)
@@ -678,7 +678,7 @@
int i;
int file_out = -2;
int file_err = -2;
- int filemode = O_CREAT | O_WRONLY | O_APPEND;
+ int filemode = O_CREAT | O_WRONLY | O_APPEND | O_EXCL;
/* if std out/err joined (set and != "n"), which file is first */
@@ -4844,8 +4844,6 @@
return(-1);
}
- if (keeping != 0)
- {
/* in user's home, may be NFS mounted, must create as user */
#if defined(HAVE_SETEUID) && defined(HAVE_SETEGID)
@@ -4898,35 +4896,7 @@
#else /* Neither */
Crash and Burn - need seteuid/setegid or need setresuid/setresgid
#endif /* HAVE_SETRESUID */
- }
- else
- {
-
- if (pjob->ji_wattr[(int)JOB_ATR_umask].at_flags & ATR_VFLAG_SET)
- {
- old_umask = umask(pjob->ji_wattr[(int)JOB_ATR_umask].at_val.at_long);
- }
- fds = open(path,mode,0666);
- if (pjob->ji_wattr[(int)JOB_ATR_umask].at_flags & ATR_VFLAG_SET)
- {
- umask(old_umask);
- }
-
-
- if (fds >= 0)
- {
- /* change file uid/gid to execution user of job */
-
- if (fchown(fds,pjob->ji_qs.ji_un.ji_momt.ji_exuid,exgid) != 0)
- {
- close(fds);
-
- return(-1);
- }
- }
- }
-
return(fds);
} /* END open_std_file() */
Index: src/resmom/requests.c
===================================================================
--- src/resmom/requests.c (revision 1053)
+++ src/resmom/requests.c (working copy)
@@ -2468,7 +2468,7 @@
/* redirect stderr to make error from rcp available to MOM */
- if ((fd = open(rcperr,O_RDWR|O_CREAT,0644)) < 0)
+ if ((fd = open(rcperr,O_RDWR|O_CREAT|O_EXCL,0644)) < 0)
{
sprintf(log_buffer,"can't open %s, error = %d",
rcperr,errno);
More information about the torquedev
mailing list