
Re: [Condor-users] security problems with Condor 7.6.2



Hi Dan/Zach,

 

Thanks for the quick reply. Non-admin users don’t have write access to the condor_config file but what about this scenario:

 

An unprivileged user copies the system condor_config file and now has write access to their own copy.

They then edit their own copy to their liking, point their CONDOR_CONFIG environment variable at it and issue a condor_reconfig.

Would this not change the system configuration? Or are there some values that cannot be changed without ADMINISTRATOR authorization?

 

On the other bit, I did try clearing out all of the HOSTALLOW authorizations by setting them to null but I still got the same thing.

 

thanks,

 

-ian.

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Dan Bradley
Sent: 15 August 2011 16:32
To: condor-users@xxxxxxxxxxx
Subject: Re: [Condor-users] security problems with Condor 7.6.2

 

Ian,

For better or worse, "reconfig" is just a write-level command.  It does not require CONFIG or ADMINISTRATOR access.

The ability to set configuration values with condor_config_val is different.  That requires CONFIG level access.

As for why the WRITE-level authorization is being applied to the whole host ... does your configuration define HOSTALLOW_WRITE?  The HOSTALLOW settings are added to the ALLOW settings.

--Dan

On 8/15/11 10:12 AM, Smith, Ian wrote:

Dear All,

 

I’m trying to set up a new Condor central manager / submit host using v. 7.6.2 but I’m tearing my hair out over a potential security hole. It seems that if I give ordinary users WRITE access so that they can submit jobs then they are also capable of reconfiguring the Condor installation (bit of a scary thought!) and there seems to be no way of preventing them from doing this without preventing them from submitting jobs (Catch 22).

 

In my condor_config I have

 

SEC_DEFAULT_AUTHENTICATION=REQUIRED

SEC_DEFAULT_AUTHENTICATION_METHODS=FS

 

CONDOR_USERS = smithic@xxxxxxxxxxxxxxx/ulgp5.liv.ac.uk

ADMIN_USERS  = condor@xxxxxxxxxxxxxxx/ulgp5.liv.ac.uk

 

ALLOW_WRITE =  $(CONDOR_USERS), $(ADMIN_USERS)

ALLOW_ADMINISTRATOR = $(ADMIN_USERS)

ALLOW_DAEMON = $(ADMIN_USERS)

ALLOW_CONFIG = $(ADMIN_USERS)

 

(I’ve not put in the execute hosts yet – I’m trying to keep it simple to begin with).

 

When I do a condor_reconfig as a non-admin user I see this in MasterLog

 

PERMISSION GRANTED to smithic@xxxxxxxxxxxxxxx from host 138.253.100.17

for command 60012 (DC_RECONFIG_FULL), access level WRITE: reason:

WRITE authorization policy allows IP address 138.253.100.17; identifiers used for this remote host:

138.253.100.17,ulgp5.liv.ac.uk,ulgp5

 

It seems as if the host based authorization is taking precedence over the user based authorization.

I’m wondering if this is something to do with the move to drop/discourage the use of HOSTALLOW_*

 

Any help with this would be extremely useful as I’ve been stuck on this for a week now.

 

Many thanks,

 

-ian.

....

 

Advanced Research Computing,

University of Liverpool, UK.

 

PS I’m using Scientific Linux 6.1 on an x86_64 Dell server.
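
An added example (not part of the original thread and not Condor project code): a small Python audit over MasterLog entries of the form quoted above, listing reconfig commands that were granted to identities outside an admin list. The sample log, the example.org identities, the 192.0.2.10 address and the `99999 (EXAMPLE_CMD)` entry are constructed placeholders, and the parser assumes entries follow the wording quoted in this thread.

```python
import re

# Entry layout follows the MasterLog lines quoted in the thread.
GRANT_RE = re.compile(
    r"PERMISSION GRANTED to (?P<user>\S+) from host (?P<host>\S+) "
    r"for command (?P<num>\d+) \((?P<name>\w+)\), "
    r"access level (?P<level>\w+): reason: "
    r"(?P<reason>.*?)(?= PERMISSION |$)"
)

# Constructed sample; identities, hosts and EXAMPLE_CMD are placeholders.
SAMPLE_LOG = """\
PERMISSION GRANTED to alice@example.org from host 192.0.2.10
for command 60012 (DC_RECONFIG_FULL), access level WRITE: reason:
WRITE authorization policy allows IP address 192.0.2.10; identifiers used for this remote host:
192.0.2.10,submit.example.org,submit
PERMISSION GRANTED to condor@example.org from host 192.0.2.10
for command 60012 (DC_RECONFIG_FULL), access level WRITE: reason:
WRITE authorization policy allows IP address 192.0.2.10
PERMISSION GRANTED to alice@example.org from host 192.0.2.10
for command 99999 (EXAMPLE_CMD), access level WRITE: reason:
WRITE authorization policy allows IP address 192.0.2.10
"""


def audit_reconfig_grants(log_text, admins):
    """Return reconfig commands granted to identities not listed in admins."""
    # Entries may be wrapped across lines, so collapse all whitespace first.
    flat = " ".join(log_text.split())
    findings = []
    for match in GRANT_RE.finditer(flat):
        rec = match.groupdict()
        # Record whether the logged reason cites an IP address match.
        rec["matched_on_ip"] = "allows IP address" in rec["reason"]
        if rec["name"].startswith("DC_RECONFIG") and rec["user"] not in admins:
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in audit_reconfig_grants(SAMPLE_LOG, {"condor@example.org"}):
        print(f"{f['user']} from {f['host']}: {f['name']} ({f['num']}) "
              f"at {f['level']} level, matched on IP: {f['matched_on_ip']}")
```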

 

 

 

 

 



