[GE users] Details on rsh Security Bug Fixed in 6.0u7_1

Brooks Davis brooks at aero.org
Mon Jan 23 20:23:37 GMT 2006


On Mon, Jan 23, 2006 at 03:14:03PM -0500, Rayson Ho wrote:
> Any plans to backport the fix to the 5.3 branch?? AFAIK, FreeBSD and
> NetBSD by default use the 5.3 branch...

FreeBSD defaults to 6.0, but has ports for 5.3.  I'm going to mark them
forbidden for now, but may fix them later.  It looks like it's a pretty
trivial change.  Oddly, it appears that this was fixed if 4.4BSD so
these RSH sources either predate that or where broken at some point.

> Brooks, does the "port" pull the source directly from the GE project
> cvs or does it pull a special source tarball from the freebsd ftp
> site??

The 5.3 ports pull a tarball from the FreeBSD ftp sites.  The 6.0 port
uses the official release tarballs.  That's kind of a pain because you
have to add a dependency on wget to make it work because the gridengine
website weirdly requires cookies to download files and the base URL
changes every time, but it works.  I'll be updating the 6.0 port today.

-- Brooks

> On 1/23/06, Brooks Davis <brooks at aero.org> wrote:
> > Similarly, I'm interested in knowing if this effects SGE 5.  If it does,
> > I need to mark the FreeBSD ports forbidden and add appropriate entries
> > to the vulnerabilities database.
> >
> > -- Brooks
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> > For additional commands, e-mail: users-help at gridengine.sunsource.net
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail: users-help at gridengine.sunsource.net
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list