[gridengine users] Security hole in most versions of Grid Engine

Reuti reuti at Staff.Uni-Marburg.DE
Thu Apr 19 16:56:28 UTC 2012


On 19.04.2012 at 18:46, Dave Love wrote:

> Reuti <reuti at staff.uni-marburg.de> writes:
> 
>> On 17.04.2012 at 23:39, Rayson Ho wrote:
>> 
>>> If you Google for this kind of security bug, you will find that there
>>> is always *1 more* env var that can change the behavior but is not
>>> filtered in other software.
>> 
>> I don't know how it was fixed now, but one approach could be: if run
>> as root, clear all env vars except the SGE_* ones. IIRC this is the way
>> Torque starts prolog/epilog.
> 
> It's probably a good suggestion to transform things like that, but I
> suspect there isn't currently enough in the SGE_... list for reasonable
> uses in the hooks.

I was wondering too why I can use the $job_id, $job_name ... pseudo-parameters to pass them as arguments to the scripts, while I already have them in $JOB_ID and $JOB_NAME there.

-- Reuti


> I'm unclear why the user environment needs to be passed to the remote
> startup daemons at all, rather than just clearing it modulo the
> canonical(?) necessary variables.  Does anyone know?
> 
> -- 
> Community Grid Engine:  http://arc.liv.ac.uk/SGE/
> _______________________________________________
> users mailing list
> users at gridengine.org
> https://gridengine.org/mailman/listinfo/users
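
The allowlist approach suggested in this thread (drop everything except `SGE_*` before a hook runs as root), as an added sketch in C; it is not Grid Engine's or Torque's code and not how the issue was actually fixed. The names `build_hook_env`, `free_hook_env` and `SAFE_PATH`, and the fixed PATH value, are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Fixed PATH handed to the hook; the value is an assumption of this sketch. */
static const char SAFE_PATH[] = "PATH=/usr/bin:/bin";

/* Allowlist test: keep only entries of the form SGE_<name>=<value>. */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq != NULL && strncmp(entry, "SGE_", 4) == 0 && eq > entry + 4;
}

static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    return copy ? memcpy(copy, s, len) : NULL;
}

void free_hook_env(char **env)
{
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        free(env[i]);
    free(env);
}

/* Returns a new NULL-terminated environment: SAFE_PATH plus the allowed
 * entries of env, or NULL if allocation fails. */
char **build_hook_env(char *const env[])
{
    size_t n = 0, kept = 0;
    while (env[n] != NULL)
        n++;
    char **out = calloc(n + 2, sizeof *out);   /* PATH + n entries + NULL */
    if (out == NULL)
        return NULL;
    out[kept] = dup_str(SAFE_PATH);
    for (size_t i = 0; out[kept] != NULL && i < n; i++)
        if (is_allowed(env[i]))
            out[++kept] = dup_str(env[i]);
    if (out[kept] == NULL) {                   /* a copy failed */
        free_hook_env(out);
        return NULL;
    }
    return out;
}
```

A launcher would pass the returned array as the `envp` argument of `execve()` when starting the prolog or epilog, so a variable nobody thought to blocklist never reaches the root-run script.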
