Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
slurm
U_03-Restrict-PMIx-temp-directory-permissions-t...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_03-Restrict-PMIx-temp-directory-permissions-to-0700.patch of Package slurm
From: Tim Wickberg <tim@schedmd.com> Date: Wed Oct 11 12:45:25 2023 -0600 Subject: [PATCH 3/19]Restrict PMIx temp directory permissions to 0700. Patch-mainline: Upstream Git-repo: https://github.com/SchedMD/slurm Git-commit: eddf8ca4f94c3e7b38a8c223e1d0877a0e06be12 References: CVE-2022-29500, bsc#1216207 Signed-off-by: Egbert Eich <eich@suse.de> The root group does not need the group permissions to be able to interact with the contents of the directory. --- src/plugins/mpi/pmix/pmixp_utils.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/plugins/mpi/pmix/pmixp_utils.c b/src/plugins/mpi/pmix/pmixp_utils.c index d950c06890..aea93954aa 100644 --- a/src/plugins/mpi/pmix/pmixp_utils.c +++ b/src/plugins/mpi/pmix/pmixp_utils.c @@ -541,8 +541,7 @@ int pmixp_rmdir_recursively(char *path) int pmixp_mkdir(char *path) { - mode_t rights = (S_IRUSR | S_IWUSR | S_IXUSR) | - (S_IRGRP | S_IWGRP | S_IXGRP); + mode_t rights = (S_IRUSR | S_IWUSR | S_IXUSR); /* NOTE: we need user who owns the job to access PMIx usock * file. According to 'man 7 unix': @@ -553,7 +552,7 @@ int pmixp_mkdir(char *path) * access to the unix socket we do the following: * 1. Owner ID is set to the job owner. * 2. Group ID corresponds to slurmstepd. - * 3. Set 0770 access mode + * 3. Set 0700 access mode */ if (0 != mkdir(path, rights) ) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor