Open Grid Scheduler

2012-04-17

  1. Code injection via LD_* environment variables

    rshd, prolog, etc. run as root and start in the job's environment. Users can gain root access on the execution hosts by passing in LD_* variables via job submission:

    % qsub -v LD_PRELOAD=/path/myevil.so job.sh

    Apply this patch for SGE 6.2u5 clusters, and apply this patch for Grid Engine 2011.11 clusters. A patch against trunk is available.

    Precompiled binaries for x64 Linux are also available: patched sge_shepherd for SGE 6.2u5 and patched sge_shepherd for Grid Engine 2011.11.

  2. sgepasswd buffer overflow

    Buffers in sgepasswd (sgepasswd is setuid root) are not checked for overflow:

    % sgepasswd -d aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaa
    
    Segmentation fault
    
    Apply this patch, which works for both SGE 6.2u5 and 2011.11 clusters.

    Precompiled binaries for x64 Linux are also available: patched sgepasswd for SGE 6.2u5 and patched sgepasswd for Grid Engine 2011.11.
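
For the LD_* issue in item 1, one way a privileged launcher can strip dynamic-linker variables from a job-supplied environment before it starts root-run helpers such as prolog or rshd. This is an added example, not the Open Grid Scheduler patch or code from sge_shepherd; the function names `must_drop` and `scrub_job_env` are hypothetical and the sample environment is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if a "NAME=value" entry must not reach a root-run helper:
 * dynamic-linker variables (LD_PRELOAD, LD_LIBRARY_PATH, LD_AUDIT, ...)
 * or malformed entries with no name or no '='. */
static int must_drop(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 1;
    return strncmp(entry, "LD_", 3) == 0;
}

/* Copy job_env into a new NULL-terminated array without the dropped
 * entries. Strings are borrowed, only the array is malloc'ed.
 * Returns NULL on allocation failure; *dropped gets the removal count. */
char **scrub_job_env(char *const job_env[], size_t *dropped)
{
    size_t n = 0, kept = 0;
    while (job_env[n] != NULL)
        n++;
    char **clean = malloc((n + 1) * sizeof *clean);
    if (clean == NULL)
        return NULL;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (must_drop(job_env[i]))
            (*dropped)++;
        else
            clean[kept++] = job_env[i];
    }
    clean[kept] = NULL;
    return clean;
}

int main(void)
{
    /* Constructed sample: what "qsub -v LD_PRELOAD=/path/myevil.so" adds. */
    char *const job_env[] = { "HOME=/home/user", "LD_PRELOAD=/path/myevil.so",
                              "PATH=/usr/bin:/bin", NULL };
    size_t dropped;
    char **clean = scrub_job_env(job_env, &dropped);
    if (clean == NULL)
        return 1;
    for (size_t i = 0; clean[i] != NULL; i++)
        puts(clean[i]);
    fprintf(stderr, "dropped %zu entries\n", dropped);
    free(clean);
    return 0;
}
```

The scrubbed array is meant for the environment handed to processes that run as root; the user's own job, which runs unprivileged, can still receive its LD_* settings.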

Installation

Installation hint: replace old sge_shepherd & sgepasswd binaries with the new ones. Remember to back up the old binaries, and test the patches before deploying them in production environments. You should back up your cluster configuration & job data (and stop running jobs) before installing patches.

We have in the past installed Grid Engine patches *without* stopping the whole cluster. However, this is not an officially supported method; use it at your own risk!

  1. Disable queues temporarily to stop Grid Engine from dispatching new jobs
  2. Replace Grid Engine binary by doing:
    - mv <old binary> <backup of old binary>
    - bunzip2 patch.bz2
  3. Re-enable queues

Note: Oracle also fixed the issues above in their Critical Patch Update (CPU).