We had to set ENABLE_SUBMIT_LIB_PATH=TRUE in UGE 8.6.5, as without it we had complaints from users as paths set using qsub -V being ignored was a change in expected behaviour.
Mike > It might be a UGE thing; I do know that a user ran into this problem circa > UGE 8.3. I haven't tested more recent releases since we try to push our users > from depending on particular submission environments for reproducibility > reasons. On Wed, Jan 22, 2020 at 03:55:25PM +0000, Hay, William wrote: > On Tue, Jan 21, 2020 at 03:51:01PM +0000, Skylar Thompson wrote: > > -V strips out PATH and LD_LIBRARY_PATH for security reasons, since > > prolog > > I don't think this is the case. I've just experimented with one of > our 8.1.9 clusters and I can set arbitrary PATHs run qsub -V and have > the value I set show up in the environment of the job. More likely > the job is being run with a shell that is configured as a login shell > and the init scripts for the shell are stomping on the value of PATH. > > > and epilog scripts run with the submission environment but possibly > > in the context of a different user (i.e. a user could point a > > root-running prolog script at compromised binaries or C library). > > This is something slightly different. The prolog and epilog used to > run with the exact same environment as the job. This opened up an > attack vector , especially if the prolog or epilog were run as a > privileged user rather than the job owner. The environment in which > the prolog and eiplog are run is now sanitised. > > William -- -- Skylar Thompson (skyl...@u.washington.edu) -- Genome Sciences Department, System Administrator -- Foege Building S046, (206)-685-7354 -- University of Washington School of Medicine _______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. _______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users
