Opened 16 years ago

Closed 8 years ago

#118 closed defect (fixed)

IZ659: sge_execd creates world-writeable files in active_jobs directory

Reported by: gsregid Owned by:
Priority: lowest Milestone:
Component: sge Version: 5.3p5
Severity: minor Keywords: PC Linux cleanup
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=659]

        Issue #:      659              Platform:     PC       Reporter: gsregid (gsregid)
       Component:     gridengine          OS:        Linux
     Subcomponent:    cleanup          Version:      5.3p5       CC:    None defined
        Status:       NEW              Priority:     P5
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    ernst (ernst)
      QA Contact:     ernst
          URL:
       * Summary:     sge_execd creates world-writeable files in active_jobs directory
   Status whiteboard:
      Attachments:

     Issue 659 blocks:
   Votes for issue 659:


   Opened: Wed Feb 4 09:50:00 -0700 2004 
------------------------


Using sge-5.3p5 on Linux (x86, kernel 2.4, glibc
>= 2.2):

When a new job is submitted using qsub, on the
execution host, <exec_host>, in the directory in
<execd_spool_dir>/<exec_host>/active_jobs, a new
directory is created (e.g., <job_id>.1) in which
the three files ("error", "trace", and
"exit_status") are created with permissions of
0666 which gives write permission to all users.

I downloaded the source "Grid Engine 5.3p5 source
tarball, V53p5_TAG" and found the following calls
to "creat()" in the
"source/daemons/common/err_trace.c" file:

err_trace.c:213:      if ((fd=creat("error",
0666))>=0)
err_trace.c:220:      if ((fd=creat("trace",
0666))>=0)
err_trace.c:227:      if ((fd=creat("exit_status",
0666))>=0)

The numbers 213, 220, 227 are the line numbers
within err_trace.c.  I recommend using permissions
of 0664 to avoid allowing all users to write to
these files.

As of 2004-02-04, the most recent revision of this
file (1.6) in the CVS repository still contained
the above calls to creat() with 0666 permissions.

Thank you for your time.  Please contact me with
any questions/comments.

Change History (2)

comment:1 Changed 10 years ago by dlove

  • Severity set to minor

Still a problem in 6.2u5.

comment:2 Changed 8 years ago by dlove

  • Resolution set to fixed
  • Status changed from new to closed

See #1370

Note: See TracTickets for help on using tickets.