Re: tm_adopt() vulnerability in TORQUE Resource Manager

[Solar Designer <solar () openwall com>]

On Thu, Oct 02, 2014 at 03:26:21PM -0600, Chad Vizino wrote:
> Within a TORQUE Resource Manager job, the tm_adopt() TORQUE library call
> enables a user-built executable calling tm_adopt() to adopt any session id
> (and its child processes) regardless of the session id owner on any node
> within a job. When a job that includes the executable calling tm_adopt()
> exits, the adopted processes are killed along with the job processes during
> normal job cleanup. This can enable a non-root user to kill processes
> he/she doesn't own including root-owned ones on any node in a job.

Chad - thank you for posting this!

All - Chad had brought this issue to the distros list yesterday (not
realizing that public issues like it should go to oss-security right
away, which we've explained), and it was assigned CVE-2014-3684.

> The issue has been fixed in the following commit numbers for the listed
> TORQUE Resource Manager versions:
>
> 4.2-dev
> 967cdc80150690459a47a35a658abeee0ca6e5cb
> f2f4c950f3d461a249111c8826da3beaafccace9
>
> 4.5-dev
> 6c4a57b2d7a56b5bda1c57e2af425ff517ffe331
>
> 5.0-dev
> e2b6253b62fe7e59c5852e2b914b71a095328558
>
> develop
> dd7f729eedead89c9253707f85572706077ff1d3

These commits can be seen at:

https://github.com/adaptivecomputing/torque

Alexander