[torqueusers] Security Vulnerability in Torque

David Golden dgolden at cp.dias.ie
Fri Oct 20 18:23:06 MDT 2006


On 2006-10-20 17:51:04 -0600, Garrick Staples wrote:

> > re style of fix:
> > 
> > * I guess one part of the fix might be to sete[ug]id before open
> > even in the keeping=0 case... I don't see why one wouldn't? (except of 
> > course on systems that don't support sete[ug]id at all...). Does
> > that in fact eliminate any problem?
> 
> This does exactly that:
> http://www.clusterresources.com/pipermail/torquedev/2006-October/000344.html
> 

...oops... I really should subscribe to -dev...

One thought - O_EXCL, while a good idea to include, is traditionally still
not necessarily safe on e.g. NFS.   Now, not sure it's all that likely that 
/var/spool/pbs/spool will be on NFS, but I can imagine e.g. newly
sharedroot/diskless/warewulf systems where the admin doesn't initially
realise that it makes relatively little sense to keep spooling... 
because (er) I didn't when I moved to shared root...

> I'm divided on removing the malicious link on the fly.  On the one hand,
> we want to raise a giant red flag to alert the admin.  On the other
> hand, we don't want a malicious user to break other users' job.
> 

Have per-user subdirectories under pbs/spool/ in the non-disable-spool 
case? But... then be careful when creating _them_...




More information about the torqueusers mailing list