oss-sec mailing list archives
tm_adopt() vulnerability in TORQUE Resource Manager
From: Chad Vizino <cvizino () adaptivecomputing com>
Date: Thu, 2 Oct 2014 15:26:21 -0600
Within a TORQUE Resource Manager job, the tm_adopt() TORQUE library call enables a user-built executable calling tm_adopt() to adopt any session id (and its child processes) regardless of the session id owner on any node within a job. When a job that includes the executable calling tm_adopt() exits, the adopted processes are killed along with the job processes during normal job cleanup. This can enable a non-root user to kill processes he/she doesn't own including root-owned ones on any node in a job. The issue has been fixed in the following commit numbers for the listed TORQUE Resource Manager versions: 4.2-dev 967cdc80150690459a47a35a658abeee0ca6e5cb f2f4c950f3d461a249111c8826da3beaafccace9 4.5-dev 6c4a57b2d7a56b5bda1c57e2af425ff517ffe331 5.0-dev e2b6253b62fe7e59c5852e2b914b71a095328558 develop dd7f729eedead89c9253707f85572706077ff1d3 -- Chad Vizino Adaptive Computing
Current thread:
- tm_adopt() vulnerability in TORQUE Resource Manager Chad Vizino (Oct 02)
- Re: tm_adopt() vulnerability in TORQUE Resource Manager Solar Designer (Oct 02)