[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] security problems with Condor 7.6.2
- Date: Tue, 16 Aug 2011 07:57:17 -0500
- From: Zachary Miller <zmiller@xxxxxxxxxxx>
- Subject: Re: [Condor-users] security problems with Condor 7.6.2
> An unprivileged user copies the system condor_config file and now has write
> access to their own copy.
> They then edit their own copy to their lliking, point their CONDOR_CONFIG
> environment variable at it and issue a condor_reconfig.
> Would this not change the system configuration ?
it would not change it. when the condor_master receives the reconfig command,
the user's environment variable has no impact on the condor_master, and it
reads the condor_config from the same place it did before. its environment is
separate from an arbitrary user's.
> On the other bit, I did try clearing out all of the HOSTALLOW authorizations by
> setting them to null but I still go the same thing.
one useful thing to try is:
condor_config_val -dump | grep -i allow
just in case you missed any.