Am 19.04.2012 um 08:32 schrieb Ron Chen: > Open Grid Scheduler already filters $PYTHONPATH. > > But as mentioned by Rayson earlier, the list can grow and we can only handle > the common ones. > > With the totally clean environment approach, I believe it is going to break > something.
I though the same. What about @@: root@/the/script /the/script and root@@/the/script @@/the/script to tell SGE to deliver a clean one (maybe except $SGE_*, OTOH you could supply some in the wrapper definition as argument like $job_id $job_name). -- Reuti > -Ron > > > > > ----- Original Message ----- > From: Andreas Haupt <[email protected]> > To: [email protected] > Cc: > Sent: Thursday, April 19, 2012 2:24 AM > Subject: Re: [gridengine users] Security hole in most versions of Grid Engine > > On Tue, 2012-04-17 at 23:58 +0200, Reuti wrote: >> I don't know how it was fixed now, but one approach could be: if run as >> root, clear all env var except the SGE_* ones. IIRC this is the way Torque >> starts prolog/epilog. > > I would second this approach, but actually not only for root. There are > so many variables around that could interfere or break typical > prolog/epilog scripts (not only shell scripts but also python, > perl, ..., with e.g. modified $PYTHONPATH). That's why set up a clean > env for those scripts, extend it by the $SGE_ vars and everything should > be fine. Or did I miss something? > > Cheers, > Andreas > -- > | Andreas Haupt | E-Mail: [email protected] > | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt > | Platanenallee 6 | Phone: +49/33762/7-7359 > | D-15738 Zeuthen | Fax: +49/33762/7-7216 > > > _______________________________________________ > users mailing list > [email protected] > https://gridengine.org/mailman/listinfo/users > > > _______________________________________________ > users mailing list > [email protected] > https://gridengine.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
