It might be a UGE thing; I do know that a user ran into this problem circa
UGE 8.3. I haven't tested more recent releases since we try to push our
users away from depending on particular submission environments for
reproducibility reasons.

On Wed, Jan 22, 2020 at 03:55:25PM +0000, Hay, William wrote:
> On Tue, Jan 21, 2020 at 03:51:01PM +0000, Skylar Thompson wrote:
> > -V strips out PATH and LD_LIBRARY_PATH for security reasons, since prolog
> 
> I don't think this is the case.  I've just experimented with one of our 8.1.9
> clusters and I can set arbitrary PATHs, run qsub -V, and have the value I set
> show up in the environment of the job.  More likely the job is being run with
> a shell that is configured as a login shell and the init scripts for the shell
> are stomping on the value of PATH.
> 
> > and epilog scripts run with the submission environment but possibly in the
> > context of a different user (i.e. a user could point a root-running prolog
> > script at compromised binaries or C library).
> 
> This is something slightly different. The prolog and epilog used to run with
> the exact same environment as the job.  This opened up an attack vector,
> especially if the prolog or epilog were run as a privileged user rather than
> the job owner.  The environment in which the prolog and epilog
> are run is now sanitised.
> 
> William



-- 
-- Skylar Thompson (skyl...@u.washington.edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine
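
The environment sanitising described in the quoted reply, sketched as an added example that is not part of this thread and is not Grid Engine code. `SAFE_PATH`, the `ALLOWED_VARS` allowlist and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Grid Engine code: how a spawner can start a privileged
# prolog/epilog hook without inheriting the submitter's environment.

# Fixed search path handed to the hook (assumption: adjust for the site).
SAFE_PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Job variables the hook is allowed to see (hypothetical allowlist).
ALLOWED_VARS="JOB_ID"

# run_sanitised CMD [ARGS...]
# Runs CMD with an empty environment plus SAFE_PATH and the allowlisted
# variables that are currently set. env is called by absolute path so the
# caller's PATH is never searched. The scrub belongs in the parent that
# spawns the hook: a hook that cleans its own environment has already been
# loaded under the inherited LD_LIBRARY_PATH.
run_sanitised() {
    for _v in $ALLOWED_VARS; do
        eval "_set=\${$_v+x}; _val=\${$_v-}"
        if [ -n "$_set" ]; then
            set -- "$_v=$_val" "$@"   # prepend NAME=value for env(1)
        fi
    done
    /usr/bin/env -i PATH="$SAFE_PATH" "$@"
}

# demo_hostile_env: constructed scenario. A submitter-style environment puts a
# directory holding a fake "id" first in PATH and sets LD_LIBRARY_PATH; a hook
# that calls "id" by bare name is then started through run_sanitised.
# Prints: <path id resolves to>,<LD_LIBRARY_PATH or "unset">,<JOB_ID>
demo_hostile_env() (
    evil=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho hijacked\n' > "$evil/id"
    chmod +x "$evil/id"
    export PATH="$evil:$PATH" LD_LIBRARY_PATH="$evil" JOB_ID=42
    out=$(run_sanitised /bin/sh -c \
        'echo "$(command -v id),${LD_LIBRARY_PATH-unset},${JOB_ID-unset}"')
    rm -rf "$evil"
    printf '%s\n' "$out"
)
```
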