A long-overdue release is now available (post-security embargo) from <http://arc.liv.ac.uk/downloads/SGE/releases/8.0.0e/>. I hope it isn't badly messed up due to not being able to concentrate on it, and last-minute hitches. Binaries for Red Hat 6 and possibly others should appear later.
It mainly has security and build fixes. Of the two recently-announced security problems, the one is covered that affects non-default remote startup methods (sshd etc.) and running hook programs as another user. Buffer overruns in sgepasswd should be, but if you don't have MS Windows hosts and have it installed setuid, chmod -s sgepasswd is probably wise. You are only vulnerable to those with non-default remote startup (not "builtin"), "user@" hook methods, or a setuid sgepasswd(1). There are other security-related fixes, e.g. for possible daemon crashes and buffer overruns, but nothing easily exploitable other than for possible denial of service as far as I know. If you use ssh or other non-builtin remote startup, or a have a "user@" prolog etc., you can protect against compromise on execution hosts without installing a new version. Use the "safe_exec" wrapper from <http://arc.liv.ac.uk/downloads/SGE/support/>. See the safe_exec README, <http://arc.liv.ac.uk/SGE/htmlman/htmlman5/remote_startup.html>, <http://gridengine.org/pipermail/users/2012-April/003270.html>, and doubtless other stuff I haven't read yet. [The notes in remote_startup(5) and elsewhere should have been updated in the release -- to be fixed soon in the web version.] One new feature/incompatibility comes from avoiding somewhat unsafe /tmp usage: messages normally logged in the spool area can now go to syslog, and initial ones always do, instead of being written to /tmp. Release notes: Version 8.0.0e -------------- Mostly build and security issues * Bug fixes * Fix linker-dependent hwloc build failure. * Fix Java build with -no-hwloc * Fix spurious messages from deleting job spool directories. * Fix build error on Solaris 11 * Fix spec file for systems that use mandb [#1407] * Fix #777 (8.0.0d) properly * Allow building against berkeleydb 5 and with GNU ld --as-needed (e.g. Ubuntu 12.04) * Rename status(1) to qstatus(1) to avoid name clash with upstart * Update LICENCES with some missing items * Security fixes The first fix is for a trivial remote root by a valid user. The others, including fixes for potential buffer overruns in daemon and setuid programs, may or may not be exploitable. * Sanitize the environment before executing remote startup programs etc. Somewhat incompatible: LD_LIBRARY_PATH etc. may need to be set differently. See the security notes in remote_startup(5) and sge_conf(5). (CVE-2012-0208, thanks to William Hay) * Don't write initial log messages in /tmp [#508]. Somewhat incompatible: initial messages now in syslog. * Avoid using mktemp. (Probably not a significant problem.) * Control core dumps under setuid etc. with SGE_ENABLE_COREDUMP. (Not normally a security issue.) * Bounds checking in replace_params [#215] * Avoid execd crash and possible overruns [#1328] * Fixes for buffer overrun and other improvements for (setuid program) sgepasswd [including #386] * Enhancements * Logging can be configured to use syslog [#808] from fixing #508. _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
