[torquedev] patch: defer chk_file_sec(path_server_name) until it's needed

Sergio Gelato Sergio.Gelato at astro.su.se
Sun Feb 25 16:09:30 MST 2007


The MOM only reads the server_name file as a last resort, if
mom_priv/config doesn't set $pbsserver. There is no point in requiring
server_name to exist (much less to have safe permissions) unless it's
actually going to be read.

Note also that the --with-server-name-file option to configure doesn't
(yet?) affect pbs_mom, only pbs_server. I make no attempt to change this.
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_path_server_name.dpatch by Sergio Gelato <Sergio.Gelato at astro.su.se>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Only check the security of path_server_name if it's going to be
## DP: consulted. Part of the problem is that chk_file_sec() fails on
## DP: nonexistent files.

@DPATCH@
diff -urNad torque-2.1.6/src/resmom/mom_main.c /tmp/dpep.laNyLG/torque-2.1.6/src/resmom/mom_main.c
--- torque-2.1.6/src/resmom/mom_main.c	2006-10-20 01:05:06.000000000 +0200
+++ /tmp/dpep.laNyLG/torque-2.1.6/src/resmom/mom_main.c	2007-02-14 13:23:03.701759881 +0100
@@ -2616,7 +2616,11 @@
     FILE *server_file;
     /* no $pbsserver parameters in config, use server_name as last-resort */
 
-    if ((server_file = fopen(path_server_name,"r")) != NULL)
+    if (
+#if !defined(DEBUG) && !defined(NO_SECURITY_CHECK)
+        !chk_file_sec(path_server_name, 0, 0, S_IWGRP|S_IWOTH, 1) &&
+#endif
+        (server_file = fopen(path_server_name,"r")) != NULL)
       {
       char tmpLine[PBS_MAXSERVERNAME + 1];
       char *pn;
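Review bot: the chk_file_sec() call added at the top of this condition passes 1 as its last argument, while the call removed in the second hunk passed 0 (`chk_file_sec(path_server_name, 0, 0, S_IWGRP|S_IWOTH, 0)`), and neither the message nor the DP: lines say why. Please either keep the original value or explain the change in the description. Separately, because of the `&&`, a failed check skips the fopen() and is handled exactly like a missing file. Nothing in the visible lines reports that server_name was ignored for having unsafe permissions, so an administrator would have to guess. A log line on that path would help. The check and the fopen() also both work on the path name, so the file could change between the two calls. Checking the file once it is open would close that gap.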
@@ -5990,7 +5994,6 @@
   c |= chk_file_sec(path_aux,         1, 0, S_IWGRP|S_IWOTH, 1);
   c |= chk_file_sec(path_spool,       1, 1, S_IWOTH,         0);
   c |= chk_file_sec(PBS_ENVIRON,      0, 0, S_IWGRP|S_IWOTH, 0);
-  c |= chk_file_sec(path_server_name, 0, 0, S_IWGRP|S_IWOTH, 0);
 
   if (c)
     {
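Review bot: with the `chk_file_sec(path_server_name, ...)` line dropped from this block, an unsafe server_name no longer contributes to `c`, so the `if (c)` handling below never sees it, and the only remaining check is the one in the first hunk, which is compiled out under DEBUG or NO_SECURITY_CHECK. A short comment here saying that the server_name check now sits next to the fopen() in the last-resort path would keep a later reader from re-adding it. The guard around this block is not visible in the hunk, so please confirm that it uses the same conditions.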

