Open Grid Scheduler already filters $PYTHONPATH. But as mentioned by Rayson earlier, the list can grow and we can only handle the common ones.
With the totally clean environment approach, I believe it is going to break something. -Ron ----- Original Message ----- From: Andreas Haupt <[email protected]> To: [email protected] Cc: Sent: Thursday, April 19, 2012 2:24 AM Subject: Re: [gridengine users] Security hole in most versions of Grid Engine On Tue, 2012-04-17 at 23:58 +0200, Reuti wrote: > I don't know how it was fixed now, but one approach could be: if run as root, > clear all env var except the SGE_* ones. IIRC this is the way Torque starts > prolog/epilog. I would second this approach, but actually not only for root. There are so many variables around that could interfere or break typical prolog/epilog scripts (not only shell scripts but also python, perl, ..., with e.g. modified $PYTHONPATH). That's why set up a clean env for those scripts, extend it by the $SGE_ vars and everything should be fine. Or did I miss something? Cheers, Andreas -- | Andreas Haupt | E-Mail: [email protected] | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216 _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
