From 21c3c37d3564b0accaacbb8fc54f7268c9b89b05 Mon Sep 17 00:00:00 2001 From: Moe Jette <jette1@llnl.gov> Date: Tue, 17 Apr 2007 17:28:14 +0000 Subject: [PATCH] Disable setting triggers by other than user SlurmUser unless SlurmUser is root for improved security. --- NEWS | 2 ++ doc/man/man1/strigger.1 | 12 +++++++++++- src/slurmctld/trigger_mgr.c | 22 ++++++++++++++++++++-- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 071b77dc054..ba6a5e80863 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,8 @@ documents those changes that are of interest to users and admins. * Changes in SLURM 1.2.6 ======================== -- Fix MPIRUN_PORT env variable in mvapich plugin + -- Disable setting triggers by other than user SlurmUser unless SlurmUser + is root for improved security. * Changes in SLURM 1.2.5 ======================== diff --git a/doc/man/man1/strigger.1 b/doc/man/man1/strigger.1 index f6f05e48a74..52d5a0ba89a 100644 --- a/doc/man/man1/strigger.1 +++ b/doc/man/man1/strigger.1 @@ -1,4 +1,4 @@ -.TH SCONTROL "1" "March 2007" "strigger 1.2" "Slurm components" +.TH SCONTROL "1" "April 2007" "strigger 1.2" "Slurm components" .SH "NAME" strigger \- Used set, get or clear Slurm trigger information. @@ -19,6 +19,16 @@ script. Typical uses include notifying system administrators of node failures and gracefully terminating a job when it's time limit is approaching. +\fBNOTE:\fR This command can only set triggers if run by the +user \fISlurmUser\fR unless \fISlurmUser\fR is configured as user root. +This is required for the \fIslurmctld\fR daemon to set the appropriate +user and group IDs for the executed program. +Also note that the program is executed on the same node that the +\fIslurmctld\fR daemon uses rather than some allocated compute node. +To check the value of \fISlurmUser\fR, run the command: + +\fIscontrol show config | grep SlurmUser\fR + .SH "ARGUMENTS" .TP \fB\-\-block_err\fP 
diff --git a/src/slurmctld/trigger_mgr.c b/src/slurmctld/trigger_mgr.c index 2163bfa4732..4b0e5f49f57 100644 --- a/src/slurmctld/trigger_mgr.c +++ b/src/slurmctld/trigger_mgr.c @@ -45,12 +45,14 @@ #include <errno.h> #include <fcntl.h> +#include <grp.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include "src/common/bitstring.h" #include "src/common/list.h" +#include "src/common/uid.h" #include "src/common/xmalloc.h" #include "src/common/xstring.h" #include "src/slurmctld/locks.h" @@ -268,11 +270,24 @@ extern int trigger_set(uid_t uid, gid_t gid, trigger_info_msg_t *msg) bitstr_t *bitmap = NULL; trig_mgr_info_t * trig_add; struct job_record *job_ptr; + /* Read config and job info */ slurmctld_lock_t job_read_lock = - { NO_LOCK, READ_LOCK, NO_LOCK, NO_LOCK }; + { READ_LOCK, READ_LOCK, NO_LOCK, NO_LOCK }; lock_slurmctld(job_read_lock); slurm_mutex_lock(&trigger_mutex); + + if ((slurmctld_conf.slurm_user_id != 0) + && (slurmctld_conf.slurm_user_id != uid)) { + /* If SlurmUser is not root, then it is unable to set the + * appropriate user id and group id for the program to be + * launched. To prevent the launched program for an arbitrary + * user being executed as user SlurmUser, disable all other + * users from setting triggers. */ + rc = EPERM; + goto fini; + } + if (trigger_list == NULL) { trigger_list = list_create(_trig_del); } else if ((uid != 0) && @@ -756,7 +771,7 @@ static void _trigger_node_event(trig_mgr_info_t *trig_in, time_t now) static void _trigger_run_program(trig_mgr_info_t *trig_in) { - char program[1024], arg0[1024], arg1[1024], *pname; + char program[1024], arg0[1024], arg1[1024], user_name[1024], *pname; uid_t uid; gid_t gid; pid_t child; 
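Review bot: The new EPERM path in trigger_set() drops the request silently, so an attempt by a user other than SlurmUser leaves no trace in the controller log; add `info("trigger_set: uid %u not permitted to set triggers", (unsigned) uid);` before `rc = EPERM;` so rejected attempts are visible to operators. The check runs after both lock_slurmctld() and trigger_mutex have been taken, so it relies on the `fini` label, which lies outside the hunk, releasing both; worth confirming. Since `job_read_lock` now also takes the config read lock (needed to read slurmctld_conf.slurm_user_id), renaming it, e.g. `config_job_read_lock`, would say what the added `/* Read config and job info */` comment says and keep the name honest.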
@@ -771,6 +786,8 @@ static void _trigger_run_program(trig_mgr_info_t *trig_in)
 	strncpy(arg1, trig_in->res_id, sizeof(arg1));
 	uid = trig_in->user_id;
 	gid = trig_in->group_id;
+	snprintf(user_name, sizeof(user_name), "%s", uid_to_string(uid));
+
 	child = fork();
 	if (child > 0) {
 		trig_in->group_id = child;
@@ -782,6 +799,7 @@ static void _trigger_run_program(trig_mgr_info_t *trig_in)
 		setsid();
 		setuid(uid);
 		setgid(gid);
+		initgroups(user_name, -1);
 		execl(program, arg0, arg1, NULL);
 		exit(1);
 	} else
-- 
GitLab
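Review bot: The string returned by uid_to_string(uid) is copied into user_name and then discarded; if uid_to_string() hands back xmalloc'd memory, as the src/common/uid.h helpers generally do, this leaks one allocation per trigger run in the parent, so keep it in a local and `xfree()` it after the snprintf. It is also worth confirming what uid_to_string() yields for a uid with no passwd entry, since that name is later passed to initgroups() in the child and a placeholder name would give the program the wrong supplementary groups. The enclosing _trigger_run_program() starts and ends outside the hunk.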
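Review bot: `initgroups(user_name, -1)` is placed after `setuid(uid)`, so when slurmctld runs as root (the only configuration in which the new trigger_set() check lets other users through) the child has already dropped to uid before setgid() and initgroups() run; both fail with EPERM for an unprivileged process, and because no return value is checked the program is exec'd with the requested uid but the daemon's gid and supplementary groups. Reorder to initgroups → setgid → setuid, exit on any failure, and pass `gid` rather than `-1` so the primary group is part of the supplementary list instead of (gid_t)-1. _trigger_run_program() continues outside the hunk.
```c
		setsid();
		if ((initgroups(user_name, gid) != 0) ||
		    (setgid(gid) != 0) ||
		    (setuid(uid) != 0)) {
			exit(1);
		}
		execl(program, arg0, arg1, NULL);
		/* … unchanged: exit(1) on exec failure … */
```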