Am 17.04.2012 um 23:39 schrieb Rayson Ho: > On Tue, Apr 17, 2012 at 5:34 PM, Reuti <[email protected]> wrote: >> If you run a prolog/epilog script under root account there might be even >> more depending on $PATH or other used (uninitialized) environment variables >> which are used therein. > > If you Google for this kind of security bugs, you will find that there > is always *1 more* env var that can change the behavior but is not > filtered in other software.
I don't know how it was fixed now, but one approach could be: if run as root, clear all env var except the SGE_* ones. IIRC this is the way Torque starts prolog/epilog. -- Reuti > Rayson > > P.S. I will update the Open Grid Scheduler project homepage shortly. > >> >> The best is to run them just as the ordinary user who runs the job anyway. >> >> NB: Don't forget about start/stop_proc_args ;-) >> >> -- Reuti >> >> >>> If you use the builtin daemons and don't have prolog or epilog running >>> with elevated privileges then you should be safe. >>> >>> All the major forks (Son of Grid Engine,Open Grid Scheduler, Univa >>> Grid Engine and Oracle Grid Engine) and several linux distros have >>> prepared patched versions which they should be releasing imminently. >>> >>> If you can't upgrade immediately then it should be possible to >>> protect your system by using a statically linked binary to sanitize >>> the environment. On RedHat and compatible versions of Linux busybox >>> is linked statically and provides an env command that can be used to >>> remove dangerous variables. On Debian and derivatives you need to >>> ensure you have the busybox-static package installed rather than plain >>> busybox. >>> >>> You can then protect your code with something like the following: >>> prolog root@/sbin/busybox env -u BASH_ENV -u >>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERLLIB -u IFS >>> /cm/shared/apps/sge/current/cm/prolog >>> epilog root@/sbin/busybox env -u BASH_ENV -u >>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERLLIB -u IFS >>> /cm/shared/apps/sge/current/cm/epilog >>> rlogin_daemon /sbin/busybox env -u BASH_ENV -u >>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERL5LIB -u PERLLIB -u >>> IFS /cm/shared/apps/sge/assist/bin/qrlogind >>> qlogin_daemon /sbin/busybox env -u BASH_ENV -u >>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERL5LIB -u PERLLIB -u >>> IFS /cm/shared/apps/sge/assist/bin/qlogind >>> rsh_daemon /sbin/busybox env -u BASH_ENV -u >>> LD_LIBRARY_PATH -u LD_PRELOAD -u PERL5OPT -u PERL5LIB -u PERLLIB -u >>> IFS /cm/shared/apps/sge/assist/bin/qrshd >>> >>> The above examples also remove a few other variables that the >>> interpreters we use for our scripts at UCL are sensitive to, >>> >>> Dave Love(of SoGE) has created a small wrapper program that removes >>> the various dynamic linker controlling variables with significantly >>> less verbiage which he should be releasing shortly. >>> >>> >>> >>> William >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> https://gridengine.org/mailman/listinfo/users >> >> >> _______________________________________________ >> users mailing list >> [email protected] >> https://gridengine.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
