[torqueusers] Re: torque insecure information exposure
Garrick Staples
garrick at usc.edu
Tue Oct 19 16:41:56 MDT 2004
Thank you Dave,
This seems to be the desired behaviour. I'll be rolling this out in
production soon.
On Mon, Oct 18, 2004 at 12:06:41PM -0600, jacksond at supercluster.org alleged:
> Garrick,
>
> The latest torque-1.1.0p4 snapshot now disables display of job
> environment variables if the requestor is not the job owner and not an
> admin or manager. Please test this out at your convenience. (It is a
> pbs_server only change so no update of the pbs_mom daemons will be
> required). Things worked in local testing, please let us know what you
> find. If this works ok, please feel free to announce this to the list.
>
> Dave
>
> On Mon, 18 Oct 2004, Garrick Staples wrote:
>
> >Hello, sorry to email you directly, but I didn't think this should be on the
> >torque list yet.
> >
> >I just realized that 'qstat -f' will happily dump a user's entire list of env
> >variables to anyone that asks. Now, before you say, "but you can turn that off
> >with query_other_jobs"... that isn't enough. query_other_jobs shouldn't allow
> >access to such sensitive information.
> >
> >pbs_server needs to refuse env vars to anyone that isn't in the manager's list.
> >
> >
--
Garrick Staples, Linux/HPCC Administrator
University of Southern California
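
An added check for the behaviour discussed in this thread (not part of the original messages and not TORQUE code): a shell function that reads `qstat -f` output and lists jobs owned by someone else that still display their environment. It assumes the `Job Id:`, `Job_Owner` and `Variable_List` labels of `qstat -f` full-status output; the function names and the sample jobs are constructed for illustration.

```shell
# exposed_env_jobs USER
# Reads `qstat -f` text on stdin; prints "jobid owner" for each job that is
# not owned by USER but still carries a Variable_List attribute.
exposed_env_jobs() {
    awk -v me="$1" '
        function report() {
            if (job != "" && has_env && owner != me) print job, owner
        }
        /^Job Id:/ { report(); job = $3; owner = ""; has_env = 0; next }
        /^[ \t]+Job_Owner = / {
            owner = $3
            sub(/@.*/, "", owner)   # Job_Owner is printed as user@submit-host
            next
        }
        /^[ \t]+Variable_List = / { has_env = 1 }
        END { report() }
    '
}

# Constructed sample of `qstat -f` output (hosts, users and values are made up).
sample_qstat_output() {
    cat <<'EOF'
Job Id: 101.head.example.org
    Job_Name = sim_a
    Job_Owner = alice@login1.example.org
    job_state = R
    Variable_List = PBS_O_HOME=/home/alice,PBS_O_LOGNAME=alice,
        PBS_O_WORKDIR=/home/alice/run

Job Id: 102.head.example.org
    Job_Name = sim_b
    Job_Owner = bob@login1.example.org
    job_state = Q

Job Id: 103.head.example.org
    Job_Name = sim_c
    Job_Owner = carol@login2.example.org
    job_state = R
    Variable_List = PBS_O_HOME=/home/carol,DB_TOKEN=constructed-value
EOF
}

# Demo on the sample, viewed as user "bob". On a live system, run as an
# ordinary (non-manager) account:  qstat -f | exposed_env_jobs "$(id -un)"
sample_qstat_output | exposed_env_jobs bob
```

Against a pbs_server with the change described above, the live command should print nothing when run by a user who is neither a job owner nor an admin or manager.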