[gridengine users] Security hole in most versions of Grid Engine
Dave Love
d.love at liverpool.ac.uk
Thu Apr 19 16:49:18 UTC 2012
Ron Chen <ron_chen_123 at yahoo.com> writes:
> Just IMO, IFS & PATH should be set by the script itself. But then it is just my opinion _only_.
Yes, shell scripts should be very careful if run with privileges in an
uncontrolled environment, and the normal advice is Don't Do That.
However, a shell script probably can't set PATH if it inherits a
malicious IFS.
> And there is also LANG, and many other variables that can change the behaviour of the script somewhat.
Yes, but the locale variables are more insidious in a security context
(see the code and reference in safe_exec). They may also affect
communication between different locales, e.g. GE's GDI
<https://arc.liv.ac.uk/trac/SGE/ticket/1394>, which I've worked on, and
<https://arc.liv.ac.uk/trac/SGE/changeset/4103/sge>.
--
Community Grid Engine: http://arc.liv.ac.uk/SGE/
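
Added example, not part of the original message and not the safe_exec code it mentions: one way a privileged launcher can build the environment for a shell script itself, so the script never inherits IFS, PATH or locale settings from the caller. The allowlist, the fixed PATH and LC_ALL values, and the names clean_env and env_get are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values the launcher imposes itself (assumed for this example). */
static const char *const FORCED[] = { "PATH=/usr/bin:/bin", "LC_ALL=C" };
/* Names copied from the caller; everything else (IFS, LANG, LD_*, ...) is dropped. */
static const char *const PASS[] = { "HOME", "USER", "LOGNAME" };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Value of `name` in a NULL-terminated "NAME=value" array, or NULL. */
const char *env_get(char *const env[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i] + n + 1;
    return NULL;
}

/* Build a fresh environment from the allowlist. Only the first entry for a
 * name is used, so a duplicate "HOME=..." later in the array is ignored. */
char **clean_env(char *const in[])
{
    size_t k = 0;
    char **out = calloc(COUNT(FORCED) + COUNT(PASS) + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < COUNT(FORCED); i++)
        out[k++] = (char *)FORCED[i];      /* read-only, never modified */
    for (size_t i = 0; i < COUNT(PASS); i++) {
        const char *v = env_get(in, PASS[i]);
        size_t len = v ? strlen(PASS[i]) + strlen(v) + 2 : 0;
        if (v == NULL || (out[k] = malloc(len)) == NULL)
            continue;
        snprintf(out[k], len, "%s=%s", PASS[i], v);
        k++;
    }
    return out;   /* calloc left the terminating NULL in place */
}

int main(void)
{
    /* Constructed hostile environment, not taken from the thread. */
    char *in[] = { "IFS=/", "PATH=/tmp/x:/usr/bin", "LANG=xx_XX.UTF-8",
                   "HOME=/home/u", "HOME=/tmp/x", NULL };
    char **env = clean_env(in);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);
    return 0;
}
```

A launcher would pass the returned array as the envp argument of execve() when starting the script.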