[gridengine users] Security hole in most versions of Grid Engine
d.love at liverpool.ac.uk
Thu Apr 19 16:40:04 UTC 2012
Reuti <reuti at staff.uni-marburg.de> writes:
> If you run a prolog/epilog script under root account there might be
> even more depending on $PATH or other used (uninitialized) environment
> variables which are used therein.
Indeed, but PATH can be ignored, unlike things like LD_PRELOAD (which
I'd always had down as only working for objects in the system-configured
location, presumably because of some SunOS ancient history). What
really have to be fixed are the things which affect the dynamic linker.
> The best is to run them just as the ordinary user who runs the job anyway.
Yes, but they typically need privileges to mess with system-level things
(e.g. fiddling with things like cpufreq-set).
> NB: Don't forget about start/stop_proc_args ;-)
Yes. The fix I made should cover any such hooks when they're run with
Community Grid Engine: http://arc.liv.ac.uk/SGE/
More information about the users