Opened 13 years ago

Closed 9 years ago

Last modified 4 years ago

#508 closed defect (fixed)

IZ2553: /tmp/*_messages files are subject to symlink vulnerabilities

Reported by: brooks Owned by: Dave Love <d.love@…>
Priority: high Milestone: 8.0.0e
Component: sge Version: current
Severity: major Keywords: security execution
Cc:

Description (last modified by admin)

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=2553]

        Issue #:      2553             Platform:     All       Reporter: brooks (brooks)
       Component:     gridengine          OS:        All
     Subcomponent:    execution        Version:      current      CC:    None defined
        Status:       NEW              Priority:     P3
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    pollinger (pollinger)
      QA Contact:     pollinger
          URL:
       * Summary:     /tmp/*_messages files are subject to symlink vulnerabilities
   Status whiteboard:
      Attachments:

     Issue 2553 blocks:
   Votes for issue 2553:


   Opened: Thu Apr 10 13:48:00 -0700 2008 
------------------------


As far as I can tell, the /tmp/*_messages files deamons use early in startup
are created without the exclusive flag.  As a result, ordinary users can
create symlinks in their place and cause the daemons to write to arbitrary
files.  The files should either be opened exclusivly or the locations should
be changed to a location not writable by ordinary users.

Change History (5)

comment:1 Changed 10 years ago by dlove

  • Keywords security added; removed
  • Milestone set to 6.2u5.1
  • Priority changed from normal to high
  • Severity set to major

comment:2 Changed 9 years ago by admin

  • Description modified (diff)
  • Milestone changed from 8.0.0a to 8.0.0c

comment:3 Changed 9 years ago by dlove

  • Milestone changed from 8.0.0c to 8.0.0d

This isn't so easy to sort out directly. I'm inclined to use syslog before writing
to the spool area, but I don't know if that works in MS Windows. Otherwise, the
thing to do seems to be to make a file initially safely with mkstemp and delete it
later if it wasn't used.

comment:4 Changed 9 years ago by admin

  • Milestone changed from 8.0.0d to 8.0.0e

comment:5 Changed 9 years ago by Dave Love <d.love@…>

  • Owner set to Dave Love <d.love@…>
  • Resolution set to fixed
  • Status changed from new to closed

In [4186/sge]:

(The changeset message doesn't reference this ticket)

Note: See TracTickets for help on using tickets.