[torquedev] patch: gssapi: check permissions on server_priv/creds/

[Sergio Gelato]

* Garrick Staples [2007-02-25 18:29:24 -0700]:
> > +	@INCLUDE_GSSAPI_TRUE@ chk_tree_wrap -d -n -u 077 $PBS_SERVER_HOME/server/priv/creds || return 1
> > +	@INCLUDE_GSSAPI_TRUE@ chk_tree_wrap -d -u 077 $PBS_SERVER_HOME/server/priv/creds || return 1
> 
> Btw, should have been "server_priv/creds".

Thanks. I admit I didn't fully test that script, due to the way my build 
process works. (I'm building Debian packages using pbuilder and the 
chk_tree bits need to run after installation, at which point I no longer 
have that script around.)

> > --- torque-2.1.99+r1247/src/lib/Liblog/chk_file_sec.c	2007-02-25 22:23:40.302825683 +0100
> > +++ /tmp/dpep.gFzfbd/torque-2.1.99+r1247/src/lib/Liblog/chk_file_sec.c	2007-02-25 22:29:13.056630142 +0100
> > @@ -250,6 +250,12 @@
> >          rc = EACCES;
> >          }
> >        }
> > +
> > +    /* check any remaining bits */
> > +
> > +    if (i & disallow & ~(S_IWGRP|S_IWOTH))
> > +      rc = EACCES;
> > +
> 
> Everytime we change this code, we break someone's odd corner case with
> symlinks and NFS.  I've gone ahead and applied the patch, but be sure to
> watch the list for the eventual complaint :)

I think this particular one is safe. I haven't seen any place in the
code base where chk_file_sec() was called with any other bits than S_IWGRP
and/or S_IWOTH, until now. And without this addition chk_file_sec()
won't notice if the creds/ directory is world-readable, so I didn't
really have a choice.

Yes, (StockholmU) will do. And you're right about --with-server-name-file, 
it only affects the clients; sorry for the slip. (pbs_server has better 
ways of figuring out its own hostname.)