From f2f4c950f3d461a249111c8826da3beaafccace9 Mon Sep 17 00:00:00 2001
From: Chad Vizino <cvizino@adaptivecomputing.com>
Date: Tue, 23 Sep 2014 17:40:59 -0600
Subject: [PATCH 1/2] TRQ-2885 - limit tm_adopt() to only adopt a session id
 that is owned by the calling user.

---
 src/cmds/pbs_track.c             |  6 ++++++
 src/include/tm.h                 |  2 +-
 src/include/tm_.h                |  1 +
 src/lib/Libifl/tm.c              | 37 ++++++++++++++++++++++++++++++++++---
 5 files changed, 56 insertions(+), 4 deletions(-)

diff --git a/src/cmds/pbs_track.c b/src/cmds/pbs_track.c
index 7a90fda..9383ea5 100644
--- a/src/cmds/pbs_track.c
+++ b/src/cmds/pbs_track.c
@@ -164,6 +164,12 @@ int main(
 
         break;
 
+      case TM_EPERM:
+
+        fprintf(stderr, "pbs_track: permission denied: %s (%d)\n",
+                pbse_to_txt(rc),
+                rc);
+
       default:
 
         /* Unexpected error occurred */
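Review bot: The new `case TM_EPERM:` has no `break;` after the `fprintf`, so control falls through into `default:` and the permission failure is presumably reported again as an unexpected error. Add `break;` after the `fprintf` call, or, if the fall-through is intended, mark it with `/* fall through to default */`. It is also worth confirming that `pbse_to_txt()` has text for the new `TM_EPERM` code, since a missing entry would make the `%s` argument unhelpful or NULL. The body of `main` continues outside this hunk.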
diff --git a/src/include/tm.h b/src/include/tm.h
index 106d3fb..2288828 100644
--- a/src/include/tm.h
+++ b/src/include/tm.h
@@ -125,7 +125,7 @@ int tm_register(tm_whattodo_t *what,
 /*
  *  DJH 15 Nov 2001.
  *  Generic "out-of-band" task adoption call for tasks parented by
- *  another job management system.  Minor security hole?
+ *  another job management system.
  *  Cannot be called with any other tm call.
  *  26 Feb 2002. Allows id to be jobid (adoptCmd = TM_ADOPT_JOBID)
  *  or some altid (adoptCmd = TM_ADOPT_ALTID)
diff --git a/src/include/tm_.h b/src/include/tm_.h
index c9393b9..8cae7b0 100644
--- a/src/include/tm_.h
+++ b/src/include/tm_.h
@@ -136,6 +136,7 @@ typedef unsigned int tm_task_id;
 #define TM_EBADENVIRONMENT 17005
 #define TM_ENOTFOUND  17006
 #define TM_BADINIT  17007
+#define TM_EPERM  17008
 
 #define TM_TODO_NOP 5000 /* Do nothing (the nodes value may be new) */
 #define TM_TODO_CKPT 5001 /* Checkpoint <what> and continue it */
diff --git a/src/lib/Libifl/iff --git a/src/lib/Libifl/tm.c b/src/lib/Libifl/tm.c
index edb6273..4f38529 100644
--- a/src/lib/Libifl/tm.c
+++ b/src/lib/Libifl/tm.c
@@ -94,6 +94,7 @@
 #include <errno.h>
 #include <assert.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <netinet/in.h>
@@ -169,6 +170,31 @@ typedef struct event_info
 static event_info *event_hash[EVENT_HASH];
 
 /*
+ * check if the owner of this process matches the owner of pid
+ *  returns TRUE if so, FALSE otherwise
+ */
+bool ispidowner(pid_t pid)
+  {
+  char        path[MAXPATHLEN];
+  struct stat sbuf;
+
+  /* build path to pid */
+  snprintf(path, sizeof(path), "/proc/%d", pid);
+
+  /* do the stat */
+  /*   if it fails, assume not owner */
+  if (stat(path, &sbuf) != 0)
+    return(FALSE);
+ 
+  /* see if caller is the owner of pid */
+  if (getuid() != sbuf.st_uid)
+    return(FALSE);
+
+  /* caller is owner */
+  return(TRUE);
+  }
+
+/*
 ** Find an event number or return a NULL.
 */
 event_info *find_event(
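Review bot: `ispidowner()` compares `getuid()` (the caller's real uid) with the `st_uid` of `/proc/<pid>`, and the header comment should state the limits of that test. On Linux the `/proc/<pid>` directory is owned by the target's effective uid, or by root when the target is not dumpable, so the answer can differ from "same user" for setuid processes; on a system without procfs the `stat` fails and every adoption is refused. The result is also only a snapshot, because the pid can exit and be reused before the adopt request is processed. Smaller points: `pid_t` is passed to `%d` without a cast, which `snprintf(path, sizeof(path), "/proc/%ld", (long)pid);` fixes, and the helper could be declared `static` if nothing outside tm.c calls it, which the visible hunks do not show.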
@@ -1800,8 +1826,8 @@ tm_poll_error:
  *     some mpiruns simply use rsh to start remote processes - no AMS
  *     tracking or management facilities are available.
  *
- *     This function allows any task (session) to be adopted into a PBS
- *     job. It is used by:
+ *     This function allows any task (session) owned by the owner
+ *     of the job to be adopted into a PBS job. It is used by:
  *         -  "adopter" (which is in turn used by our pvmrun)
  *         -  our rmsloader wrapper (a home-brew replacement for RMS'
  *            rmsloader that does some work and then exec()s the real
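Review bot: The updated comment says the session must be "owned by the owner of the job", but the check added to `tm_adopt()` compares the session leader's `/proc` entry against `getuid()` of the calling process, and nothing visible in this patch looks up the job owner. Suggest `This function allows a task (session) owned by the calling user to be adopted into a PBS job.` here, and `Returns TM_EPERM if the session is not owned by the calling user.` in the Returns paragraph changed by the next hunk. The comment block starts and ends outside both hunks.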
@@ -1835,7 +1861,8 @@ tm_poll_error:
  *     the mom. Returns TM_ENOTFOUND if the mom couldn't find a job
  *     with the given RMS resource id. Returns TM_ESYSTEM or
  *     TM_ENOTCONNECTED if there was some sort of comms error talking
- *     to the mom
+ *     to the mom. Returns TM_EPERM if an attempt was made to adopt
+ *     a session not owned by the owner of the job.
  *
  * Side effects:
  *     Sets the tm_* globals to fake values if tm_init() has never
@@ -1860,6 +1887,10 @@ int tm_adopt(
 
   sid = getsid(pid);
 
+  /* do not adopt a sid not owned by caller */
+  if (!ispidowner(sid))
+    return(TM_EPERM);
+
   /* Must be the only call to call to tm and
      must only be called once */
 
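Review bot: The result of `getsid(pid)` is not checked before it is passed to `ispidowner()`, so a failure return of -1 turns into a failed `stat` and is reported as `TM_EPERM`, hiding the real cause. A guard such as `if (sid == (pid_t)-1) return(TM_ESYSTEM);` ahead of the ownership test would keep "no such process" apart from "not permitted". Separately, this check runs in the client library inside the caller's own process, so it only constrains callers that go through `tm_adopt()`; whether pbs_mom verifies session ownership itself when it receives the adopt request is not visible in this patch and should be confirmed. The body of `tm_adopt` starts and ends outside this hunk.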
-- 
1.8.3.2