The Globus team is pleased to announce an update to the available
binaries of GT4.0.7.
Security Fix:
Previous versions of GT4.0.x binaries contained a security flaw that
has now been fixed in GT4.0.7. The security flaw could allow code
injection on computers with a world-writable /home/condor/execute
directory. Details are available here:
http://www.globus.org/toolkit/rpaths.html
The updated binaries are:
gt4.0.7-ia64_sles_9-installer.tar.gz
gt4.0.7-ppc_macos_10.4-installer.tar.gz
gt4.0.7-x86_deb_3.1-installer.tar.gz
gt4.0.7-x86_macos_10.4-installer.tar.gz
The RHAS and Fedore Core installers were unaffected, as their RPATHs
had already been removed. It is possible that the Solaris and AIX
binaries are still affected, in which case users with a world-
writeable /home/condor/execute directory can follow the remedies
listed at the bottom of the advisory at http://www.globus.org/toolkit/rpaths.html
Linux users who have binaries that still have RPATHs in them may
remove the using the chrpath tool, available at http://vdt.cs.wisc.edu/nmi/chrpath-0.13.tar.gz
. Mac users may use the install_name_tool to change an executable's
search location for libraries.
Charles Bacon
