Opened 13 years ago

Last modified 9 years ago

#334 new defect

IZ1984: an execd can always kill another execd as admin

Reported by: templedf
Owned by:
Priority: normal
Milestone:
Component: sge
Version: 6.0u4
Severity:
Keywords: Sun qmaster
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=1984]

        Issue #:      1984             Platform:     Sun      Reporter: templedf (templedf)
       Component:     gridengine          OS:        All
     Subcomponent:    qmaster          Version:      6.0u4       CC:    None defined
        Status:       NEW              Priority:     P3
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    ernst (ernst)
      QA Contact:     ernst
          URL:
       * Summary:     an execd can always kill another execd as admin
   Status whiteboard:
      Attachments:

     Issue 1984 blocks:
   Votes for issue 1984:


   Opened: Thu Feb 16 12:21:00 -0700 2006 
------------------------


Regardless of whether the execd is a submit host or an admin host, it is always
granted permission to kill an execution daemon if the user id allows it.  The
code which implements -ke only checks for host permissions on the client side,
i.e. in qconf.  The qmaster does not double-check.  This leaves open the
possibility of modifying qconf to always report the user as root and not to do
the host permission check, to create a qconf which when run from an execd host
can kill execds at will.

I have not checked how far back the issue goes.  It is at least in u4-u7.

Would using CSP solve the problem?
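
The missing server-side check described in this ticket, as an added example that is not part of the original report and is not Grid Engine source code: a client-trusting authorization decision beside one that re-checks the host on the server. The struct, function names, host names and admin host list are all hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical model of a "kill execd" request; not Grid Engine's real structures. */
typedef struct {
    const char *peer_host;  /* host the server's transport saw the connection come from */
    unsigned    claimed_uid; /* user id as reported by the client (still client-supplied) */
} kill_request;

/* Constructed sample configuration: the server's own list of admin hosts. */
static const char *const ADMIN_HOSTS[] = { "master.example", "admin1.example" };

static bool is_admin_host(const char *host)
{
    if (host == NULL)
        return false;
    for (size_t i = 0; i < sizeof ADMIN_HOSTS / sizeof ADMIN_HOSTS[0]; i++)
        if (strcasecmp(host, ADMIN_HOSTS[i]) == 0) /* hostnames are case-insensitive */
            return true;
    return false;
}

/* Behaviour the ticket describes: the server looks only at the user id and
 * relies on the client to have enforced the host permission. */
bool kill_allowed_client_checked(const kill_request *r)
{
    return r->claimed_uid == 0;
}

/* Server-side re-check: the host decision uses the peer address the server
 * observed itself, so skipping the check in the client changes nothing. */
bool kill_allowed_server_checked(const kill_request *r)
{
    return r->claimed_uid == 0 && is_admin_host(r->peer_host);
}

int main(void)
{
    /* Constructed request: sent from an execution host, reporting uid 0. */
    kill_request from_execd = { "exec7.example", 0 };
    printf("client-side check only: %s\n",
           kill_allowed_client_checked(&from_execd) ? "allowed" : "denied");
    printf("server re-checks host:  %s\n",
           kill_allowed_server_checked(&from_execd) ? "allowed" : "denied");
    return 0;
}
```

The sketch only moves the host permission check to the server; the user id in it is still whatever the client reports.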
