Hi Miguel, On Thursday 10 April 2008 08:24:47 Miguel Ros wrote: > we have some problems with LD_PRELOAD attacks (with the > fakeroot program) to the mclient commands. With fakeroot, > an unprivileged user can increase his privileges to ADMIN1 > level easily.
IMHO, this is a non-issue. Maui (and presumably, moab) does not provide user-level authentication, only host-level authentication via IP address. The user-based authentication is a fig-leaf: the client specifies which user they are and the server believes them. There's some effort to provide authenticated clients (a shared password), but it is ineffective and actually works against some production deployments. This is in contrast to how torque provides security. From memory, the client obtains a token from a suid binary. The suid binary communicates with the server to obtain a challenge the server issues. This works with privileged ports (<1024), so mandating the suid-bit. HTH, Paul. _______________________________________________ mauiusers mailing list [email protected] http://www.supercluster.org/mailman/listinfo/mauiusers
