Note that that page gives a rather long-winded and incomplete workaround:
 

Workarounds and Mitigations

Until the fixes can be applied, a workaround is to remove the setuid from the files in the /usr/lpp/mmfs/bin directory. Determine the set of files with setuid bit by running
    ls -l /usr/lpp/mmfs/bin | grep r-s
Then reset the setuid bit for each such file by issuing this command on each file
    chmod u-s file

 
instead of the more obvious:
    find /usr/lpp/mmfs/bin -perm -4000
which can be piped into "xargs -l chmod u-s" if desired.
 
 
By the way, the files affected are all binaries, so not as obvious a security risk as allowing a backdoor to an interactive ksh shell as root.
Daniel
Dr Daniel Kidger
IBM Technical Sales Specialist
Software Defined Solution Sales

+44-07818 522 266
[email protected]
----- Original message -----
From: "Oesterlin, Robert" <[email protected]>
Sent by: [email protected]
To: gpfsug main discussion list <[email protected]>
Cc:
Subject: [gpfsug-discuss] GPFS/Spectrum Scale security vulnerability - All versions
Date: Tue, May 31, 2016 12:57 PM
 

IBM published a security vulnerability today that affects all current and prior levels of GPFS/Spectrum Scale. The short explanation is "IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root." This is a "high" vulnerability (8.4).
Details here: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005781
Bob Oesterlin
Sr Storage Engineer, Nuance HPC Grid

 

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
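The find-based check discussed in the thread, as an added example that is not part of this mailing-list exchange or of IBM's advisory: a small POSIX sh script that enumerates setuid files by testing the 04000 mode bit, strips the bit with chmod u-s, and verifies nothing setuid is left. It runs against a constructed temporary directory standing in for /usr/lpp/mmfs/bin (the file names mode_4755 and so on are invented for the example and are not GPFS binaries). The advisory's ls -l | grep r-s check is kept alongside for comparison: that pattern matches only the literal string "r-s" in the permission column, so it misses the common rwsr-xr-x layout (mode 4755) and reports a setgid-only rwxr-sr-x file (mode 2755) instead, whereas find -perm -4000 tests the bit itself.

```shell
#!/bin/sh
# Added example, not from the gpfsug thread or IBM's advisory.
# Enumerate setuid files by mode bit, strip the bit, and verify the result.
# The target is a constructed temp dir standing in for /usr/lpp/mmfs/bin.

# Every regular file under $1 with the setuid bit (04000) set, as full paths.
# "-perm -4000" means "all of these bits set", so 4755, 4555 and 6755 all match.
list_setuid() {
    find "$1" -type f -perm -4000
}

# Number of setuid regular files under $1 (zero when none are left).
count_setuid() {
    list_setuid "$1" | wc -l | tr -d ' '
}

# The advisory's textual check, kept for comparison: it matches the literal
# string "r-s" anywhere in an ls -l line, so rwsr-xr-x (mode 4755) is missed
# while a setgid-only rwxr-sr-x (mode 2755) is reported. Prints basenames.
list_setuid_grep() {
    ls -l "$1" | grep 'r-s' | awk '{ print $NF }'
}

# Clear only the setuid bit (chmod u-s) on every setuid file under $1;
# execute, setgid and the remaining permission bits are left as they were.
strip_setuid() {
    find "$1" -type f -perm -4000 -exec chmod u-s {} +
}

# CONSTRUCTED sample: empty files named after their mode, in a fresh temp dir.
# Prints the directory path so callers can inspect and remove it afterwards.
make_sample_dir() {
    d=$(mktemp -d)
    for mode in 4755 4555 6755 2755 0755; do
        : > "$d/mode_$mode"
        chmod "$mode" "$d/mode_$mode"
    done
    printf '%s\n' "$d"
}

# Walk-through on the sample directory: what each check reports, then the fix.
demo() {
    dir=$(make_sample_dir)
    echo "setuid files by mode bit (find -perm -4000):"
    list_setuid "$dir"
    echo "what 'ls -l | grep r-s' reports instead:"
    list_setuid_grep "$dir"
    strip_setuid "$dir"
    echo "setuid files left after chmod u-s: $(count_setuid "$dir")"
    rm -rf "$dir"
}

demo
```

To apply this to a real node, point list_setuid and strip_setuid at /usr/lpp/mmfs/bin as root; running list_setuid first and keeping its output gives you the list of files whose setuid bit will need restoring once the fixed packages are installed.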
