[gridengine users] Security hole in most versions of Grid Engine
d.love at liverpool.ac.uk
Thu Apr 19 16:46:53 UTC 2012
Reuti <reuti at staff.uni-marburg.de> writes:
> On 17.04.2012 at 23:39, Rayson Ho wrote:
>> If you Google for this kind of security bug, you will find that there
>> is always *1 more* env var that can change the behavior but is not
>> filtered in other software.
> I don't know how it was fixed now, but one approach could be: if run
> as root, clear all env vars except the SGE_* ones. IIRC this is the way
> Torque starts prolog/epilog.
It's probably a good suggestion to transform things like that, but I
suspect there isn't currently enough in the SGE_... list for reasonable
uses in the hooks.
I'm unclear why the user environment needs to be passed to the remote
startup daemons at all, rather than just clearing it modulo the
canonical(?) necessary variables. Does anyone know?
Community Grid Engine: http://arc.liv.ac.uk/SGE/
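
The allow-list approach discussed in this thread (rebuild the hook environment from fixed values plus the SGE_* variables, rather than filtering out known-bad names), shown as an added example that is not part of the original messages or of Grid Engine's code. The names `build_hook_env` and `run_hook` and the fixed `PATH` value are assumptions.

```c
#include <string.h>
#include <unistd.h>

/* Set by the daemon itself, never copied from the job (assumed value). */
static const char *const FIXED_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Accept only well-formed NAME=value entries whose NAME starts with SGE_ and
 * consists of [A-Z0-9_]; everything else (LD_PRELOAD, PATH, ...) is dropped. */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || strncmp(entry, "SGE_", 4) != 0)
        return 0;
    for (const char *p = entry; p < eq; p++)
        if (!((*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9') || *p == '_'))
            return 0;
    return 1;
}

/* Fill out[] (capacity cap, counting the NULL terminator) with the fixed
 * entries followed by the allowed entries of envp. Returns the entry count,
 * or -1 if out[] is too small, so a caller never runs with a truncated list. */
int build_hook_env(char *const envp[], const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; FIXED_ENV[i] != NULL; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = FIXED_ENV[i];
    }
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++) {
        if (!is_allowed(envp[i])) continue;
        if (n + 1 >= cap) return -1;
        out[n++] = envp[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Hypothetical launcher: exec the hook with only the rebuilt environment. */
int run_hook(const char *path, char *const job_env[])
{
    const char *clean[256];
    char *const argv[] = { (char *)path, NULL };
    if (build_hook_env(job_env, clean, 256) < 0)
        return -1;
    execve(path, argv, (char *const *)clean);
    return -1; /* execve only returns on failure */
}
```

Because the list is built from scratch, a variable nobody thought to filter is excluded by default, which is the "always 1 more env var" problem raised above.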