[gridengine users] Security hole in most versions of Grid Engine
Reuti
reuti at Staff.Uni-Marburg.DE
Thu Apr 19 16:56:28 UTC 2012
On 19.04.2012, at 18:46, Dave Love wrote:
> Reuti <reuti at staff.uni-marburg.de> writes:
>
>> On 17.04.2012, at 23:39, Rayson Ho wrote:
>>
>>> If you Google for this kind of security bugs, you will find that there
>>> is always *1 more* env var that can change the behavior but is not
>>> filtered in other software.
>>
>> I don't know how it was fixed now, but one approach could be: if run
>> as root, clear all env var except the SGE_* ones. IIRC this is the way
>> Torque starts prolog/epilog.
>
> It's probably a good suggestion to transform things like that, but I
> suspect there isn't currently enough in the SGE_... list for reasonable
> uses in the hooks.
I was wondering too why I can use the $job_id, $job_name, ... pseudo-parameters to pass them as arguments to the scripts, while I already have them in $JOB_ID and $JOB_NAME there.
-- Reuti
> I'm unclear why the user environment needs to be passed to the remote
> startup daemons at all, rather than just clearing it modulo the
> canonical(?) necessary variables. Does anyone know?
>
> --
> Community Grid Engine: http://arc.liv.ac.uk/SGE/
> _______________________________________________
> users mailing list
> users at gridengine.org
> https://gridengine.org/mailman/listinfo/users
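The approach suggested in the thread (when running as root, clear the environment except the SGE_* variables before starting prolog/epilog), as an added C example that is not Grid Engine's or Torque's code. The names `build_hook_env` and `env_get`, the fixed PATH value and the sample variables are assumptions; because it is an allowlist, any variable nobody thought of is dropped by default.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper, not Grid Engine code: build the environment for a
 * root-run prolog/epilog from an allowlist. Only variables whose NAME starts
 * with `prefix` are kept; PATH is set to a fixed value (assumed here).
 * Returns a NULL-terminated array for execve(), or NULL on allocation error. */
char **build_hook_env(char *const user_env[], const char *prefix)
{
    static char safe_path[] = "PATH=/usr/bin:/bin";  /* assumed fixed value */
    size_t plen = strlen(prefix), n = 0, kept = 0;
    while (user_env[n] != NULL) n++;
    char **out = calloc(n + 2, sizeof *out);  /* all kept + PATH + NULL */
    if (out == NULL)
        return NULL;
    out[kept++] = safe_path;
    for (size_t i = 0; i < n; i++) {
        const char *eq = strchr(user_env[i], '=');
        if (eq == NULL || (size_t)(eq - user_env[i]) < plen)
            continue;  /* malformed, or name shorter than the prefix */
        if (strncmp(user_env[i], prefix, plen) == 0)
            out[kept++] = user_env[i];
    }
    out[kept] = NULL;
    return out;
}

/* Returns the value of `name` in env, or NULL if it is not set. */
const char *env_get(char *const env[], const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

/* Constructed sample of a user-submitted environment. */
char *sample_env[] = { "SGE_ROOT=/opt/sge", "PATH=/home/user/bin:/usr/bin",
                       "LD_LIBRARY_PATH=/home/user/lib", "SGE_CELL=default",
                       "NOTE=SGE_ROOT=/tmp", "SGE_BROKEN", NULL };

int main(void)
{
    char **env = build_hook_env(sample_env, "SGE_");
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);  /* a real caller would pass env to execve() */
    free(env);
    return 0;
}
```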