[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] security problems with Condor 7.6.2

> An unprivileged user copies the system condor_config file and now has write
> access to their own copy.
> They then edit their own copy to their lliking, point their CONDOR_CONFIG
> environment variable at it and issue a condor_reconfig.
> Would this not change the system configuration ?

it would not change it.  when the condor_master receives the reconfig command,
the user's environment variable has no impact on the condor_master, and it
reads the condor_config from the same place it did before.  its environment is
separate from an arbitrary user's.

> On the other bit, I did try clearing out all of the HOSTALLOW authorizations by
> setting them to null but I still go the same thing.

one useful thing to try is:
  condor_config_val -dump | grep -i allow

just in case you missed any.