[Mauiusers] Maui LD_PRELOAD attack
Paul Millar
p.millar at physics.gla.ac.uk
Thu Apr 10 06:28:15 MDT 2008
Hi Miguel,
On Thursday 10 April 2008 08:24:47 Miguel Ros wrote:
> we have some problems with LD_PRELOAD attacks (with the
> fakeroot program) to the mclient commands. With fakeroot,
> an unprivileged user can increase his privileges to ADMIN1
> level easily.
IMHO, this is a non-issue.
Maui (and presumably, moab) does not provide user-level authentication, only
host-level authentication via IP address. The user-based authentication is a
fig-leaf: the client specifies which user they are and the server believes
them. There's some effort to provide authenticated clients (a shared
password), but it is ineffective and actually works against some production
deployments.
This is in contrast to how torque provides security. From memory, the client
obtains a token from a suid binary. The suid binary communicates with the
server to obtain a challenge the server issues. This works with privileged
ports (<1024), so mandating the suid-bit.
HTH,
Paul.
More information about the mauiusers
mailing list