#7 security problems

closed-invalid
None
7
2001-04-10
2001-03-09
Thomas Laun
No

Did it ever occur to you that GNU Queue is something like a trojan horse? Here is why:

Have your admin install queued as root on any server so that you can submit jobs there from your computer (i.e. have your computer added to the qhostfile). Now log into your own computer as root and use a command like:
queue -h server -- passwd
and the server is yours!

This works because the queued daemon has root privileges on the server. When a job is transmitted, only the user id (not the password) is used by queued on the server to run the command. Thus it is possible to execute root commands on the server without the need for the root password.

This means never start queued as root!

An instant sollution would be to run queued as an unprivileged user. In that case, you could also ommit the no_root_squash option for the nfs-exported directory.

Another way would be to by default dissallow queued to execute commands as root.

Discussion

  • Thomas Laun

    Thomas Laun - 2001-03-12
    • priority: 5 --> 7
     
  • Sam Liddicott

    Sam Liddicott - 2001-04-05

    Logged In: YES
    user_id=189629

    This is a social engineering security problem.

    The sysadmin of one machine should NOT be granting queued
    access to his machine from another machine where he does
    not trust root of that other machine.

    Under "normal" circumstances the sysadmin will control root
    access to all the machines in the cluster.

     
  • Werner G Krebs

    Werner G Krebs - 2001-04-10

    Logged In: YES
    user_id=32209

    Samjam is correct. This is not a security problem but an
    example of misinstallation of Queue.

    When installed Queue with root privileges, it is assumed
    that root has access to all machines in the cluster.

    For installation situations where this is not the case,
    Queue can be installed for individual users, in which case
    this is not a problem.

    If you are working on a cluster where some users have root
    on some machines but not others, there are usually other
    security problems as well (eg. NFS).

     
  • Werner G Krebs

    Werner G Krebs - 2001-04-10
    • status: open --> open-invalid
     
  • Werner G Krebs

    Werner G Krebs - 2001-04-10

    Logged In: YES
    user_id=32209

    Samjam is correct. This is not a security problem but an
    example of misinstallation of Queue.

    When installed Queue with root privileges, it is assumed
    that root has access to all machines in the cluster.

    For installation situations where this is not the case,
    Queue can be installed for individual users, in which case
    this is not a problem.

    If you are working on a cluster where some users have root
    on some machines but not others, there are usually other
    security problems as well (eg. NFS).

     
  • Werner G Krebs

    Werner G Krebs - 2001-04-10
    • assigned_to: nobody --> wkrebs
    • status: open-invalid --> closed-invalid
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks