[torqueusers] [torquedev] TORQUE authorization security vulnerability

Chris Samuel samuel at unimelb.edu.au
Tue Aug 9 15:24:57 MDT 2011

On Wed, 10 Aug 2011 07:19:00 AM David Beer wrote:

> Essentially, TORQUE uses the idea for cluster security that
> individual machines in the cluster are secure, therefore you can
> trust root users.

Phew.. for a while I thought this was an unpatched exploit!

Thanks for the details David, much appreciated.

BTW: If you think that's a problem you should try running
GPFS where root on any node must be able to ssh to any
other node as root with no password. :-(

   Christopher Samuel - Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545

More information about the torqueusers mailing list