[gridengine users] Security hole when running rooted scripts (was: ...in most versions of Grid Engine)

William Hay w.hay at ucl.ac.uk
Fri Apr 20 13:45:43 UTC 2012


On 20 April 2012 11:01, Reuti <reuti at staff.uni-marburg.de> wrote:
> Hi,
>
> Am 17.04.2012 um 22:57 schrieb William Hay:
>
>> prolog                       root@/sbin/busybox env -u BASH_ENV -u
>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERLLIB -u IFS
>> /cm/shared/apps/sge/current/cm/prolog
>
> Using a static busybox is a good approach, but I would suggest to use also the full path to `env`. The user could prepare something in $TMPDIR as it's included in the default path set by SGE which is: $TMPDIR:/usr/local/bin:/bin:/usr/bin unless it’s overriden by the user with the option -v PATH to the qsub command, then it’s $TMPDIR:$PATH

/sbin/busybox env doesn't execute an external env binary from the path
it causes busybox to behave as env.  An external env would be
vulnerable to LD_* before it got a chance to
modify the environment.


An alternative method would be to create a symlink to busybox called
env and then invoke that via its full path.

William




More information about the users mailing list