Custom Query – Son of Grid Engine

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=2194]

        Issue #:      2194             Platform:     All      Reporter: rhierlmeier (rhierlmeier)
       Component:     gridengine          OS:        All
     Subcomponent:    kernel           Version:      6.1         CC:    None defined
        Status:       NEW              Priority:     P3
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    andreas (andreas)
      QA Contact:     andreas
          URL:
       * Summary:     authuser binary returns unusable error message!
   Status whiteboard:
      Attachments:

     Issue 2194 blocks:
   Votes for issue 2194:


   Opened: Fri Feb 23 01:20:00 -0700 2007 
------------------------


This bug was filed in hedeby's issuezilla, but it definitly a gridengine bug.


During the hedeby installation the ca certs are fetch from the CA component. For
user authentification the utilbin/<arch>/authuser binary will be used. This
binary is a SUID binary -> the binary must be owed by user root, for proper working.
In cases where this binary is not owned by user root, the authuser returns an
unusable error message.

ToDo: The binary should check if root is the owner, if not return a message
which describes the problem. For installation issue it would be nice, if the
error could be provided to the installer, to give the user a good error description.

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=3005]

        Issue #:      3005             Platform:     Sun      Reporter: rhierlmeier (rhierlmeier)
       Component:     gridengine          OS:        All
     Subcomponent:    jgdi             Version:      6.2         CC:    None defined
        Status:       NEW              Priority:     P2
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    andre (andre)
      QA Contact:     andre
          URL:
       * Summary:     jgdi SSL connections from one client jvm to different SGE cluster might not work
   Status whiteboard:
      Attachments:

     Issue 3005 blocks:
   Votes for issue 3005:


   Opened: Sun Apr 19 22:34:00 -0700 2009 
------------------------


If in one jvm opens serveral jgdi connections to different qmasters at nearly the same time the SSL certificate validate can fail, even if
valid keystores and certificates are used.

The user see the following error message:

Caused by javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)


The problem is a bug in class com.sun.grid.jgdi.management.SSLHelper. The following member
variables must not be declared static:

public final class SSLHelper {
...
    private static SSLContext ctx;
    private static final GECAKeyManager keyManager = new GECAKeyManager();
    private static final GECATrustManager trustManager = new GECATrustManager();
    private static final Lock lock = new ReentrantLock();
...
}

However they are static and hence each jgdi connection gets the same SSLContext for a short time frame.

This is not a security vulnerability because the SSLContext is mixed up the SSL validation fails always.

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=245]

        Issue #:      245          Platform:     Sun           Reporter: rhierlmeier (rhierlmeier)
       Component:     hedeby          OS:        All
     Subcomponent:    util         Version:      current          CC:    None defined
        Status:       NEW          Priority:     P2
      Resolution:                 Issue type:    ENHANCEMENT
                               Target milestone: 1.0u5next
      Assigned to:    marcingoldyn (marcingoldyn)
      QA Contact:     rhierlmeier
          URL:
       * Summary:     Need a naming convention for all resource bundles
   Status whiteboard:
      Attachments:


     Issue 245 blocks:
   Votes for issue 245:     Vote for this issue


   Opened: Thu Nov 29 02:33:00 -0700 2007 
------------------------


   We have a lot of "dead" messages in our resource bundles. We need a testsuite
   test (or an ant task) which finds unused messages.
               ------- Additional comments from crei Mon Dec 3 01:56:57 -0700 2007 -------
   already submitted

   *** This issue has been marked as a duplicate of 208 ***
               ------- Additional comments from rhierlmeier Wed Feb 27 06:42:59 -0700 2008 -------
   With the fix of this issue we should cleanup the resource bundles.

   We need a naming convention for all resource bundles. We suggest that the
   name of the resource bundle is the name of the package without com.sun.grid.grm.

   We have to check what naming conventions the resource bundles have. May be dots
   are not allowed in it.

   service-impl.properties -> resource bundle for package com.sun.grid.grm.service.
               ------- Additional comments from rhierlmeier Thu Feb 28 02:47:26 -0700 2008 -------
   Reassigned
               ------- Additional comments from rhierlmeier Thu Feb 28 03:24:37 -0700 2008 -------
   It's now a task
               ------- Additional comments from crei Wed Aug 6 05:03:07 -0700 2008 -------
   Dead message detections filed as testsuite issue #220

   Still a hedeby task is the resource bundle naming convention task
               ------- Additional comments from crei Wed Aug 6 05:05:08 -0700 2008 -------
   Renamed Issue summary and changed subcomponent - issue is no testsuite issue
               ------- Additional comments from rhierlmeier Wed Aug 6 06:50:53 -0700 2008 -------
   It's a cleanup issue for future releases (ENHANCEMENT).
   Should be in the subcomponents infrastructure.
               ------- Additional comments from rhierlmeier Wed Nov 25 07:21:10 -0700 2009 -------
   Milestone changed

SGE

Context Navigation

Custom Query (431 matches)

Results (70 - 72 of 431)

Download in other formats:

Ticket	Resolution	Summary	Reporter
#405	fixed	IZ2194: authuser binary returns unusable error message!	rhierlmeier
Description	[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=2194] Issue #: 2194 Platform: All Reporter: rhierlmeier (rhierlmeier) Component: gridengine OS: All Subcomponent: kernel Version: 6.1 CC: None defined Status: NEW Priority: P3 Resolution: Issue type: DEFECT Target milestone: --- Assigned to: andreas (andreas) QA Contact: andreas URL: * Summary: authuser binary returns unusable error message! Status whiteboard: Attachments: Issue 2194 blocks: Votes for issue 2194: Opened: Fri Feb 23 01:20:00 -0700 2007 ------------------------ This bug was filed in hedeby's issuezilla, but it definitly a gridengine bug. During the hedeby installation the ca certs are fetch from the CA component. For user authentification the utilbin/<arch>/authuser binary will be used. This binary is a SUID binary -> the binary must be owed by user root, for proper working. In cases where this binary is not owned by user root, the authuser returns an unusable error message. ToDo: The binary should check if root is the owner, if not return a message which describes the problem. For installation issue it would be nice, if the error could be provided to the installer, to give the user a good error description.
#665	fixed	IZ3005: jgdi SSL connections from one client jvm to different SGE cluster might not work	rhierlmeier
Description	[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=3005] Issue #: 3005 Platform: Sun Reporter: rhierlmeier (rhierlmeier) Component: gridengine OS: All Subcomponent: jgdi Version: 6.2 CC: None defined Status: NEW Priority: P2 Resolution: Issue type: DEFECT Target milestone: --- Assigned to: andre (andre) QA Contact: andre URL: * Summary: jgdi SSL connections from one client jvm to different SGE cluster might not work Status whiteboard: Attachments: Issue 3005 blocks: Votes for issue 3005: Opened: Sun Apr 19 22:34:00 -0700 2009 ------------------------ If in one jvm opens serveral jgdi connections to different qmasters at nearly the same time the SSL certificate validate can fail, even if valid keystores and certificates are used. The user see the following error message: Caused by javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848 com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) The problem is a bug in class com.sun.grid.jgdi.management.SSLHelper. The following member variables must not be declared static: public final class SSLHelper { ... private static SSLContext ctx; private static final GECAKeyManager keyManager = new GECAKeyManager(); private static final GECATrustManager trustManager = new GECATrustManager(); private static final Lock lock = new ReentrantLock(); ... } However they are static and hence each jgdi connection gets the same SSLContext for a short time frame. This is not a security vulnerability because the SSLContext is mixed up the SSL validation fails always.
#867	duplicate	IZ245: Need a naming convention for all resource bundles	rhierlmeier
Description	[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=245] Issue #: 245 Platform: Sun Reporter: rhierlmeier (rhierlmeier) Component: hedeby OS: All Subcomponent: util Version: current CC: None defined Status: NEW Priority: P2 Resolution: Issue type: ENHANCEMENT Target milestone: 1.0u5next Assigned to: marcingoldyn (marcingoldyn) QA Contact: rhierlmeier URL: * Summary: Need a naming convention for all resource bundles Status whiteboard: Attachments: Issue 245 blocks: Votes for issue 245: Vote for this issue Opened: Thu Nov 29 02:33:00 -0700 2007 ------------------------ We have a lot of "dead" messages in our resource bundles. We need a testsuite test (or an ant task) which finds unused messages. ------- Additional comments from crei Mon Dec 3 01:56:57 -0700 2007 ------- already submitted * This issue has been marked as a duplicate of 208 * ------- Additional comments from rhierlmeier Wed Feb 27 06:42:59 -0700 2008 ------- With the fix of this issue we should cleanup the resource bundles. We need a naming convention for all resource bundles. We suggest that the name of the resource bundle is the name of the package without com.sun.grid.grm. We have to check what naming conventions the resource bundles have. May be dots are not allowed in it. service-impl.properties -> resource bundle for package com.sun.grid.grm.service. ------- Additional comments from rhierlmeier Thu Feb 28 02:47:26 -0700 2008 ------- Reassigned ------- Additional comments from rhierlmeier Thu Feb 28 03:24:37 -0700 2008 ------- It's now a task ------- Additional comments from crei Wed Aug 6 05:03:07 -0700 2008 ------- Dead message detections filed as testsuite issue #220 Still a hedeby task is the resource bundle naming convention task ------- Additional comments from crei Wed Aug 6 05:05:08 -0700 2008 ------- Renamed Issue summary and changed subcomponent - issue is no testsuite issue ------- Additional comments from rhierlmeier Wed Aug 6 06:50:53 -0700 2008 ------- It's a cleanup issue for future releases (ENHANCEMENT). Should be in the subcomponents infrastructure. ------- Additional comments from rhierlmeier Wed Nov 25 07:21:10 -0700 2009 ------- Milestone changed