oss-sec mailing list archives
Re: tm_adopt() vulnerability in TORQUE Resource Manager
From: Solar Designer <solar () openwall com>
Date: Fri, 3 Oct 2014 01:38:54 +0400
On Thu, Oct 02, 2014 at 03:26:21PM -0600, Chad Vizino wrote:
Within a TORQUE Resource Manager job, the tm_adopt() TORQUE library call enables a user-built executable calling tm_adopt() to adopt any session id (and its child processes) regardless of the session id owner on any node within a job. When a job that includes the executable calling tm_adopt() exits, the adopted processes are killed along with the job processes during normal job cleanup. This can enable a non-root user to kill processes he/she doesn't own including root-owned ones on any node in a job.
Chad - thank you for posting this! All - Chad had brought this issue to the distros list yesterday (not realizing that public issues like it should go to oss-security right away, which we've explained), and it was assigned CVE-2014-3684.
The issue has been fixed in the following commit numbers for the listed TORQUE Resource Manager versions:

4.2-dev  967cdc80150690459a47a35a658abeee0ca6e5cb
         f2f4c950f3d461a249111c8826da3beaafccace9
4.5-dev  6c4a57b2d7a56b5bda1c57e2af425ff517ffe331
5.0-dev  e2b6253b62fe7e59c5852e2b914b71a095328558
develop  dd7f729eedead89c9253707f85572706077ff1d3

These commits can be seen at: https://github.com/adaptivecomputing/torque

Alexander
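The missing check described in the report, sketched as an added example that is not part of this thread and is not the TORQUE fix: before a session id is adopted into a job, every process in that session must be owned by the job owner. The `proc_info` type, the sample table and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical record for one process on a node (not a TORQUE type). */
struct proc_info { pid_t pid; pid_t sid; uid_t uid; };

/* Constructed sample process table: init, a root daemon session (812) that
 * also contains one user-owned process, and a user session (4001). */
static const struct proc_info sample[] = {
    {1, 1, 0}, {812, 812, 0}, {4100, 812, 1000},
    {4001, 4001, 1000}, {4002, 4001, 1000},
};
static const size_t sample_len = sizeof sample / sizeof sample[0];

/* Session id is field 6 of /proc/<pid>/stat. Field 2 (comm) may contain
 * spaces and ')' so scan from the LAST ')' instead of splitting on spaces.
 * Returns the session id, or -1 if the line cannot be parsed. */
pid_t stat_sid(const char *line)
{
    const char *p = strrchr(line, ')');
    char state;
    int ppid, pgrp, session;
    if (!p || sscanf(p + 1, " %c %d %d %d", &state, &ppid, &pgrp, &session) != 4)
        return -1;
    return (pid_t)session;
}

/* Allow adoption only if the session exists and EVERY member is owned by
 * the job owner; a single foreign-owned process rejects the request. */
int may_adopt(const struct proc_info *t, size_t n, pid_t sid, uid_t job_uid)
{
    size_t members = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].sid != sid) continue;
        if (t[i].uid != job_uid) return 0;
        members++;
    }
    return members > 0;
}

int main(void)
{
    /* Constructed stat line whose comm field contains ") S 1 1 1". */
    pid_t sid = stat_sid("4002 (x) S 1 1 1) S 4001 4002 4001 0 -1");
    printf("sid %d, uid 1000: %d\n", (int)sid, may_adopt(sample, sample_len, sid, 1000));
    printf("sid 812, uid 1000: %d\n", may_adopt(sample, sample_len, 812, 1000));
    return 0;
}
```

A daemon using such a check would fill the table from /proc and still has to handle processes exiting or changing session between the check and the adoption.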