[gridengine users] Security hole in most versions of Grid Engine
reuti at staff.uni-marburg.de
Fri Apr 20 09:36:51 UTC 2012
On 19.04.2012 at 18:56, Reuti wrote:
> On 19.04.2012 at 18:46, Dave Love wrote:
>> Reuti <reuti at staff.uni-marburg.de> writes:
>>> On 17.04.2012 at 23:39, Rayson Ho wrote:
>>>> If you Google for this kind of security bug, you will find that there
>>>> is always *1 more* env var that can change the behavior but is not
>>>> filtered in other software.
>>> I don't know how it was fixed now, but one approach could be: if run
>>> as root, clear all env var except the SGE_* ones. IIRC this is the way
>>> Torque starts prolog/epilog.
>> It's probably a good suggestion to transform things like that, but I
>> suspect there isn't currently enough in the SGE_... list for reasonable
>> uses in the hooks.
> I was wondering too why I can use the $job_id, $job_name ... pseudoparameters to pass them as arguments to the scripts, while I already have them in $JOB_ID and $JOB_NAME there.
Aha, I have one script where I need $SGE_TASK_ID. I could imagine that in the beginning there were only the pseudo variables, and later on it was requested to get access to additional variables.
> -- Reuti
>> I'm unclear why the user environment needs to be passed to the remote
>> startup daemons at all, rather than just clearing it modulo the
>> canonical(?) necessary variables. Does anyone know?
>> Community Grid Engine: http://arc.liv.ac.uk/SGE/
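The allowlist approach discussed in this thread (clear everything except the SGE_* variables before a root-run hook starts), as an added example that is not part of the original messages and not Grid Engine's actual fix. The function names `sanitize_env` and `env_get`, the fixed PATH value and the sample environment are assumptions made for illustration; the sample is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Keep an entry only if it is "NAME=value" and NAME starts with prefix. */
static int allowed(const char *entry, const char *prefix)
{
    const char *eq = strchr(entry, '=');
    size_t plen = strlen(prefix);
    return eq != NULL && (size_t)(eq - entry) > plen
        && strncmp(entry, prefix, plen) == 0;
}

/* New NULL-terminated environment: a fixed PATH plus the SGE_* entries. */
char **sanitize_env(char *const envp[], const char *path_entry)
{
    size_t n = 0, k = 0;
    while (envp[n] != NULL) n++;
    char **out = calloc(n + 2, sizeof *out);  /* PATH + entries + NULL */
    if (out == NULL) return NULL;
    out[k++] = (char *)path_entry;            /* never the submitter's PATH */
    for (size_t i = 0; i < n; i++)
        if (allowed(envp[i], "SGE_"))         /* unknown names drop by default */
            out[k++] = envp[i];
    return out;  /* caller frees the array only; the strings are borrowed */
}

/* Look up NAME in an environment array; returns its value or NULL. */
const char *env_get(char *const env[], const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

/* Constructed sample of a job submitter's environment. */
char *sample_env[] = {
    "PATH=/home/user/bin:/usr/bin", "LD_PRELOAD=/home/user/x.so",
    "SGE_TASK_ID=7", "SGE_ROOT=/opt/sge", "JOB_ID=4242", "SGE_BROKEN", NULL
};

int main(void)
{
    char **env = sanitize_env(sample_env, "PATH=/usr/bin:/bin");
    for (size_t i = 0; env != NULL && env[i] != NULL; i++) puts(env[i]);
    free(env);
}
```

With a strict SGE_ prefix, JOB_ID is dropped along with everything else, which is the gap Dave Love raises: a hook that needs it would have to receive it as an argument or through an extended allowlist.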