[gridengine users] Security hole in most versions of Grid Engine

[Dave Love]

Reuti <reuti at staff.uni-marburg.de> writes:

> If you run a prolog/epilog script under root account there might be
> even more depending on $PATH or other used (uninitialized) environment
> variables which are used therein.

Indeed, but PATH can be ignored, unlike things like LD_PRELOAD (which
I'd always had down as only working for objects in the system-configured
location, presumably because of some SunOS ancient history).  What
really have to be fixed are the things which affect the dynamic linker.

> The best is to run them just as the ordinary user who runs the job anyway.

Yes, but they typically need privileges to mess with system-level things
(e.g. fiddling with things like cpufreq-set).

> NB: Don't forget about start/stop_proc_args ;-)

Yes.  The fix I made should cover any such hooks when they're run with
privileges.

-- 
Community Grid Engine:  http://arc.liv.ac.uk/SGE/