Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] security problems with Condor 7.6.2

Date: Tue, 16 Aug 2011 07:57:17 -0500
From: Zachary Miller <zmiller@xxxxxxxxxxx>
Subject: Re: [Condor-users] security problems with Condor 7.6.2

> An unprivileged user copies the system condor_config file and now has write
> access to their own copy.
> 
> They then edit their own copy to their lliking, point their CONDOR_CONFIG
> environment variable at it and issue a condor_reconfig.
> 
> Would this not change the system configuration ?

it would not change it.  when the condor_master receives the reconfig command,
the user's environment variable has no impact on the condor_master, and it
reads the condor_config from the same place it did before.  its environment is
separate from an arbitrary user's.


> On the other bit, I did try clearing out all of the HOSTALLOW authorizations by
> setting them to null but I still go the same thing.

one useful thing to try is:
  condor_config_val -dump | grep -i allow

just in case you missed any.


cheers,
-zach

Follow-Ups:
- Re: [Condor-users] security problems with Condor 7.6.2
  - From: Smith, Ian

References:
- [Condor-users] security problems with Condor 7.6.2
  - From: Smith, Ian
- Re: [Condor-users] security problems with Condor 7.6.2
  - From: Dan Bradley
- Re: [Condor-users] security problems with Condor 7.6.2
  - From: Smith, Ian

Prev by Date: Re: [Condor-users] security problems with Condor 7.6.2
Next by Date: [Condor-users] Max number of nodes on a condor cluster
Previous by thread: Re: [Condor-users] security problems with Condor 7.6.2
Next by thread: Re: [Condor-users] security problems with Condor 7.6.2
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] security problems with Condor 7.6.2