[GE users] Details on rsh Security Bug Fixed in 6.0u7_1

Andy Schwierskott andy.schwierskott at sun.com
Tue Jan 24 09:25:33 GMT 2006


Hi,

as a side note: the vulnerability does not require a running Grid Engine
system.

The "workaround" is to remove the SUID root bit from the rsh binary or
delete the binary. Both however make the "qrsh" functionality unavailable
(including parallel support with tight integration).

We'll also update the 5.3 courtesy binaries shortly and release 5.3p7 which
comes with very few additional fixes. The list of fixes will be available
under

    http://gridengine.sunsource.net/project/gridengine/53patches.txt

Andy

> Daniel is right, the bug is fixed in the 5.3 branch as well and included in 
> 5.3p7.
>
> Roland
>
> Daniel Templeton wrote:
>> Rayson,
>> 
>> As I understand it, we have also released a 5.3p7 patch which includes
>> the rsh fix.
>> 
>> Daniel
>> 
>> Rayson Ho wrote On 01/23/06 21:14,:
>> 
>> 
>>> Any plans to backport the fix to the 5.3 branch?? AFAIK, FreeBSD and
>>> NetBSD by default use the 5.3 branch...
>>> 
>>> Brooks, does the "port" pull the source directly from the GE project
>>> cvs or does it pull a special source tarball from the freebsd ftp
>>> site??
>>> 
>>> Rayson
>>> 
>>> 
>>> 
>>> On 1/23/06, Brooks Davis <brooks at aero.org> wrote:
>>> 
>>> 
>>> 
>>>> Similarly, I'm interested in knowing if this effects SGE 5.  If it does,
>>>> I need to mark the FreeBSD ports forbidden and add appropriate entries
>>>> to the vulnerabilities database.
>>>> 
>>>> -- Brooks
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>>>> For additional commands, e-mail: users-help at gridengine.sunsource.net
>>>> 
>>>> 
>>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>>> For additional commands, e-mail: users-help at gridengine.sunsource.net
>>> 
>>> 
>>> 
>> 
>> 
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list