Index: daemons/shepherd/shepherd.c =================================================================== --- daemons/shepherd/shepherd.c (revision 84) +++ daemons/shepherd/shepherd.c (working copy) @@ -2472,7 +2472,7 @@ { /* received any other signal */ #if defined(INTERIX) - sge_set_environment(); + sge_set_environment(true); if (strcmp(childname, "job") == 0 && wl_get_GUI_mode(get_conf_val("display_win_gui")) == true) { @@ -2654,7 +2654,7 @@ #if defined(INTERIX) /* */ - sge_set_environment(); + sge_set_environment(true); if (strcmp(childname, "job") == 0 && wl_get_GUI_mode(get_conf_val("display_win_gui")) == true) { if (npid != -1) { @@ -2923,7 +2923,7 @@ pid = getpid(); setpgid(pid, pid); setrlimits(0); - sge_set_environment(); + sge_set_environment(true); umask(022); tmp_str = search_conf_val("qsub_gid"); @@ -3226,6 +3226,9 @@ if (!strcmp(name, "PVM_TASK_ID")) strcpy(pvm_task_id, value); + if (is_dangerous_env(name)) + continue; + sge_set_env_value(name, value); } Index: daemons/shepherd/builtin_starter.c =================================================================== --- daemons/shepherd/builtin_starter.c (revision 84) +++ daemons/shepherd/builtin_starter.c (working copy) @@ -372,7 +372,7 @@ setrlimits(!strcmp(childname, "job")); shepherd_trace("setting environment"); - sge_set_environment(); + sge_set_environment(strcmp(childname, "job") || ( is_qlogin && !g_new_interactive_job_support)); /* Create the "error" and the "exit" status file here. * The "exit_status" file indicates that the son is started. @@ -962,6 +962,54 @@ return; } +int is_dangerous_env(const char *name) +{ + if (strncmp(name, "LD_", 3) == 0) + return true; + + if (strncmp(name, "PERL5LIB", 8) == 0) + return true; + + if (strncmp(name, "PERLLIB", 7) == 0) + return true; + + if (strncmp(name, "PERLOPT", 7) == 0) + return true; + + if (strncmp(name, "PYTHONPATH", 10) == 0) + return true; + + if (strncmp(name, "BASH_ENV", 8) == 0) + return true; + +#if defined(AIX) + if (strncmp(name, "LIBPATH", 7) == 0) + return true; + + if (strncmp(name, "LDR_PRELOAD", 11) == 0) + return true; + +#elif defined(DARWIN) + if (strncmp(name, "DYLD_", 5) == 0) + return true; + +#elif defined(HP11) + if (strncmp(name, "SHLIB_PATH", 10) == 0) + return true; + +#elif defined(LINUX) + if (strncmp(name, "MALLOC_TRACE", 12) == 0) + return true; + +#elif defined(IRIX) || defined(ALPHA) + if (strncmp(name, "_RLD_LIST", 9) == 0) + return true; +#endif + + return false; +} + + /****** Shepherd/sge_set_environment() ***************************************** * NAME * sge_set_environment () -- Read the environment from the "environment" file @@ -981,7 +1029,7 @@ * NOTES * MT-NOTE: sge_set_environment() is not MT safe *******************************************************************************/ -int sge_set_environment() +int sge_set_environment(int cleanenv) { const char *const filename = "environment"; FILE *fp; @@ -1019,6 +1067,7 @@ while (fgets(buf, sizeof(buf), fp)) { const char *new_value; + char new_name[128]; line++; @@ -1032,6 +1081,14 @@ shepherd_error(1, "error reading environment file: line=%d, contents:%s", line, buf); } + else if (cleanenv) + { + if (is_dangerous_env(name)) + { + snprintf(new_name, sizeof(new_name), "SGE_WRAP_%s", name); + name = new_name; + } + } value = strtok(NULL, "\n"); if (value == NULL) Index: daemons/shepherd/builtin_starter.h =================================================================== --- daemons/shepherd/builtin_starter.h (revision 84) +++ daemons/shepherd/builtin_starter.h (working copy) @@ -34,7 +34,8 @@ void son(const char *childname, char *script_file, int truncate_stderr_out); -int sge_set_environment(void); +int sge_set_environment(int); +int is_dangerous_env(const char *name); char** sge_get_environment(void); int sge_set_env_value(const char *, const char *); const char *sge_get_env_value(const char *);