Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

retag of v1.3.14

  • Loading branch information...
commit 0af2fcbb879ebd8af95d1c73a5ba9649ac802059 2 parents 63f928c + 0d49749
Morris Jette jette authored

Showing 2 changed files with 14 additions and 4 deletions. Show diff stats Hide diff stats

  1. +2 1  NEWS
  2. +12 3 src/slurmctld/trigger_mgr.c
3  NEWS
@@ -4,7 +4,8 @@ documents those changes that are of interest to users and admins.
4 4 * Changes in SLURM 1.3.14
5 5 =========================
6 6 -- SECURITY BUG: Fix in sbcast logic that permits users to write files based
7   - upon supplimental groups of the slurmd daemon.
  7 + upon supplimental groups of the slurmd daemon. Similar logic for event
  8 + triggers if slurmctld is run as user root (not typical).
8 9
9 10 * Changes in SLURM 1.3.13
10 11 =========================
15 src/slurmctld/trigger_mgr.c
@@ -985,9 +985,18 @@ static void _trigger_run_program(trig_mgr_info_t *trig_in)
985 985 setpgrp();
986 986 #endif
987 987 setsid();
988   - setuid(uid);
989   - setgid(gid);
990   - initgroups(user_name, -1);
  988 + if (initgroups(user_name, gid) == -1) {
  989 + error("trigger: initgroups: %m");
  990 + exit(1);
  991 + }
  992 + if (setgid(uid) == -1) {
  993 + error("trigger: setgid: %m");
  994 + exit(1);
  995 + }
  996 + if (setuid(gid) == -1) {
  997 + error("trigger: setuid: %m");
  998 + exit(1);
  999 + }
991 1000 execl(program, arg0, arg1, NULL);
992 1001 exit(1);
993 1002 } else

0 comments on commit 0af2fcb

Please sign in to comment.
Something went wrong with that request. Please try again.