[torqueusers] [torquedev] TORQUE authorization security vulnerability

Chris Samuel samuel at unimelb.edu.au
Tue Aug 9 15:24:57 MDT 2011


On Wed, 10 Aug 2011 07:19:00 AM David Beer wrote:

> Essentially, TORQUE uses the idea for cluster security that
> individual machines in the cluster are secure, therefore you can
> trust root users.

Phew.. for a while I thought this was an unpatched exploit!

Thanks for the details David, much appreciated.

BTW: If you think that's a problem you should try running
GPFS where root on any node must be able to ssh to any
other node as root with no password. :-(

cheers,
Chris
-- 
   Christopher Samuel - Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
         http://www.vlsci.unimelb.edu.au/


More information about the torqueusers mailing list