[gridengine users] Security hole in most versions of Grid Engine
reuti at Staff.Uni-Marburg.DE
Thu Apr 19 16:56:28 UTC 2012
On 19.04.2012 at 18:46, Dave Love wrote:
> Reuti <reuti at staff.uni-marburg.de> writes:
>> On 17.04.2012 at 23:39, Rayson Ho wrote:
>>> If you Google for this kind of security bugs, you will find that there
>>> is always *1 more* env var that can change the behavior but is not
>>> filtered in other software.
>> I don't know how it was fixed now, but one approach could be: if run
>> as root, clear all env var except the SGE_* ones. IIRC this is the way
>> Torque starts prolog/epilog.
> It's probably a good suggestion to transform things like that, but I
> suspect there isn't currently enough in the SGE_... list for reasonable
> uses in the hooks.
I was wondering too why I can use the $job_id $job_name ... pseudoparameters to pass them as arguments to the scripts, while I already have them in $JOB_ID and $JOB_NAME there.
> I'm unclear why the user environment needs to be passed to the remote
> startup daemons at all, rather than just clearing it modulo the
> canonical(?) necessary variables. Does anyone know?
> Community Grid Engine: http://arc.liv.ac.uk/SGE/
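The allowlist approach suggested in the message above (keep only the SGE_* variables before a root-run hook), as an added example that is not part of the original thread and is not Grid Engine's or Torque's code. The function names and the sample environment are constructed for illustration; dropping malformed entries and duplicate names goes slightly beyond what the message describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEEP_PREFIX "SGE_"   /* allowlist prefix taken from the thread */

/* Length of the variable name if entry is a well-formed NAME=value whose
 * name starts with KEEP_PREFIX and is longer than it, otherwise 0. */
static size_t kept_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t plen = strlen(KEEP_PREFIX);
    if (eq == NULL || (size_t)(eq - entry) <= plen ||
        strncmp(entry, KEEP_PREFIX, plen) != 0)
        return 0;
    return (size_t)(eq - entry);
}

/* Build a new NULL-terminated environment holding only allowlisted entries.
 * First occurrence of a name wins, so a later duplicate cannot shadow it.
 * The result shares strings with envp; free() only the array itself. */
char **sge_clean_env(char *const envp[])
{
    size_t n = 0, out = 0;
    while (envp[n] != NULL) n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        size_t len = kept_name_len(envp[i]);
        int dup = 0;
        for (size_t j = 0; len != 0 && j < out && !dup; j++)
            dup = strncmp(clean[j], envp[i], len + 1) == 0; /* "NAME=" */
        if (len != 0 && !dup)
            clean[out++] = envp[i];
    }
    return clean;                /* clean[out] is already NULL (calloc) */
}

int main(void)
{
    /* Constructed sample environment, not taken from a real job. */
    char *const sample[] = { "LD_PRELOAD=/tmp/x.so", "SGE_ROOT=/opt/sge",
        "IFS=:", "SGE_CELL=default", "SGE_ROOT=/tmp/other", "SGE_=", NULL };
    char **env = sge_clean_env(sample);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);
    free(env);
    return 0;
}
```

The returned array is what a daemon would hand to execve() as the envp argument when starting the hook, so nothing outside the allowlist reaches the child.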