sys-cluster/torque/files/TRQ-2885-limit-tm_adopt-to-only-adopt-a-session-id-t.patch - platform/external/gentoo/overlays/gentoo - Git at Google

 From f2f4c950f3d461a249111c8826da3beaafccace9 Mon Sep 17 00:00:00 2001
 From: Chad Vizino <cvizino@adaptivecomputing.com>
 Date: Tue, 23 Sep 2014 17:40:59 -0600
 Subject: [PATCH 1/2] TRQ-2885 - limit tm_adopt() to only adopt a session id
  that is owned by the calling user.

 ---
  src/cmds/pbs_track.c             |  6 ++++++
  src/include/tm.h                 |  2 +-
  src/include/tm_.h                |  1 +
  src/lib/Libifl/tm.c              | 37 ++++++++++++++++++++++++++++++++++---
  5 files changed, 56 insertions(+), 4 deletions(-)

 diff --git a/src/cmds/pbs_track.c b/src/cmds/pbs_track.c
 index 7a90fda..9383ea5 100644
 --- a/src/cmds/pbs_track.c
 +++ b/src/cmds/pbs_track.c
 @@ -164,6 +164,12 @@ int main(

          break;

 +      case TM_EPERM:
 +
 +        fprintf(stderr, "pbs_track: permission denied: %s (%d)\n",
 +                pbse_to_txt(rc),
 +                rc);
 +
        default:

          /* Unexpected error occurred */
 diff --git a/src/include/tm.h b/src/include/tm.h
 index 106d3fb..2288828 100644
 --- a/src/include/tm.h
 +++ b/src/include/tm.h
 @@ -125,7 +125,7 @@ int tm_register(tm_whattodo_t *what,
  /*
   *  DJH 15 Nov 2001.
   *  Generic "out-of-band" task adoption call for tasks parented by
 - *  another job management system.  Minor security hole?
 + *  another job management system.
   *  Cannot be called with any other tm call.
   *  26 Feb 2002. Allows id to be jobid (adoptCmd = TM_ADOPT_JOBID)
   *  or some altid (adoptCmd = TM_ADOPT_ALTID)
 diff --git a/src/include/tm_.h b/src/include/tm_.h
 index c9393b9..8cae7b0 100644
 --- a/src/include/tm_.h
 +++ b/src/include/tm_.h
 @@ -136,6 +136,7 @@ typedef unsigned int tm_task_id;
  #define TM_EBADENVIRONMENT 17005
  #define TM_ENOTFOUND  17006
  #define TM_BADINIT  17007
 +#define TM_EPERM  17008

  #define TM_TODO_NOP 5000 /* Do nothing (the nodes value may be new) */
  #define TM_TODO_CKPT 5001 /* Checkpoint <what> and continue it */
 diff --git a/src/lib/Libifl/iff --git a/src/lib/Libifl/tm.c b/src/lib/Libifl/tm.c
 index edb6273..4f38529 100644
 --- a/src/lib/Libifl/tm.c
 +++ b/src/lib/Libifl/tm.c
 @@ -94,6 +94,7 @@
  #include <errno.h>
  #include <assert.h>
  #include <sys/types.h>
 +#include <sys/stat.h>
  #include <sys/socket.h>
  #include <sys/time.h>
  #include <netinet/in.h>
 @@ -169,6 +170,31 @@ typedef struct event_info
  static event_info *event_hash[EVENT_HASH];

  /*
 + * check if the owner of this process matches the owner of pid
 + *  returns TRUE if so, FALSE otherwise
 + */
 +bool ispidowner(pid_t pid)
 +  {
 +  char        path[MAXPATHLEN];
 +  struct stat sbuf;
 +
 +  /* build path to pid */
 +  snprintf(path, sizeof(path), "/proc/%d", pid);
 +
 +  /* do the stat */
 +  /*   if it fails, assume not owner */
 +  if (stat(path, &sbuf) != 0)
 +    return(FALSE);
 +
 +  /* see if caller is the owner of pid */
 +  if (getuid() != sbuf.st_uid)
 +    return(FALSE);
 +
 +  /* caller is owner */
 +  return(TRUE);
 +  }
 +
 +/*
  ** Find an event number or return a NULL.
  */
  event_info *find_event(
 @@ -1800,8 +1826,8 @@ tm_poll_error:
   *     some mpiruns simply use rsh to start remote processes - no AMS
   *     tracking or management facilities are available.
   *
 - *     This function allows any task (session) to be adopted into a PBS
 - *     job. It is used by:
 + *     This function allows any task (session) owned by the owner
 + *     of the job to be adopted into a PBS job. It is used by:
   *         -  "adopter" (which is in turn used by our pvmrun)
   *         -  our rmsloader wrapper (a home-brew replacement for RMS'
   *            rmsloader that does some work and then exec()s the real
 @@ -1835,7 +1861,8 @@ tm_poll_error:
   *     the mom. Returns TM_ENOTFOUND if the mom couldn't find a job
   *     with the given RMS resource id. Returns TM_ESYSTEM or
   *     TM_ENOTCONNECTED if there was some sort of comms error talking
 - *     to the mom
 + *     to the mom. Returns TM_EPERM if an attempt was made to adopt
 + *     a session not owned by the owner of the job.
   *
   * Side effects:
   *     Sets the tm_* globals to fake values if tm_init() has never
 @@ -1860,6 +1887,10 @@ int tm_adopt(

    sid = getsid(pid);

 +  /* do not adopt a sid not owned by caller */
 +  if (!ispidowner(sid))
 +    return(TM_EPERM);
 +
    /* Must be the only call to call to tm and
       must only be called once */

 --
 1.8.3.2
	From f2f4c950f3d461a249111c8826da3beaafccace9 Mon Sep 17 00:00:00 2001
	From: Chad Vizino <cvizino@adaptivecomputing.com>
	Date: Tue, 23 Sep 2014 17:40:59 -0600
	Subject: [PATCH 1/2] TRQ-2885 - limit tm_adopt() to only adopt a session id
	that is owned by the calling user.

	---
	src/cmds/pbs_track.c \| 6 ++++++
	src/include/tm.h \| 2 +-
	src/include/tm_.h \| 1 +
	src/lib/Libifl/tm.c \| 37 ++++++++++++++++++++++++++++++++++---
	5 files changed, 56 insertions(+), 4 deletions(-)

	diff --git a/src/cmds/pbs_track.c b/src/cmds/pbs_track.c
	index 7a90fda..9383ea5 100644
	--- a/src/cmds/pbs_track.c
	+++ b/src/cmds/pbs_track.c
	@@ -164,6 +164,12 @@ int main(

	break;

	+ case TM_EPERM:
	+
	+ fprintf(stderr, "pbs_track: permission denied: %s (%d)\n",
	+ pbse_to_txt(rc),
	+ rc);
	+
	default:

	/* Unexpected error occurred */
	diff --git a/src/include/tm.h b/src/include/tm.h
	index 106d3fb..2288828 100644
	--- a/src/include/tm.h
	+++ b/src/include/tm.h
	@@ -125,7 +125,7 @@ int tm_register(tm_whattodo_t *what,
	/*
	* DJH 15 Nov 2001.
	* Generic "out-of-band" task adoption call for tasks parented by
	- * another job management system. Minor security hole?
	+ * another job management system.
	* Cannot be called with any other tm call.
	* 26 Feb 2002. Allows id to be jobid (adoptCmd = TM_ADOPT_JOBID)
	* or some altid (adoptCmd = TM_ADOPT_ALTID)
	diff --git a/src/include/tm_.h b/src/include/tm_.h
	index c9393b9..8cae7b0 100644
	--- a/src/include/tm_.h
	+++ b/src/include/tm_.h
	@@ -136,6 +136,7 @@ typedef unsigned int tm_task_id;
	#define TM_EBADENVIRONMENT 17005
	#define TM_ENOTFOUND 17006
	#define TM_BADINIT 17007
	+#define TM_EPERM 17008

	#define TM_TODO_NOP 5000 /* Do nothing (the nodes value may be new) */
	#define TM_TODO_CKPT 5001 /* Checkpoint <what> and continue it */
	diff --git a/src/lib/Libifl/iff --git a/src/lib/Libifl/tm.c b/src/lib/Libifl/tm.c
	index edb6273..4f38529 100644
	--- a/src/lib/Libifl/tm.c
	+++ b/src/lib/Libifl/tm.c
	@@ -94,6 +94,7 @@
	#include <errno.h>
	#include <assert.h>
	#include <sys/types.h>
	+#include <sys/stat.h>
	#include <sys/socket.h>
	#include <sys/time.h>
	#include <netinet/in.h>
	@@ -169,6 +170,31 @@ typedef struct event_info
	static event_info *event_hash[EVENT_HASH];

	/*
	+ * check if the owner of this process matches the owner of pid
	+ * returns TRUE if so, FALSE otherwise
	+ */
	+bool ispidowner(pid_t pid)
	+ {
	+ char path[MAXPATHLEN];
	+ struct stat sbuf;
	+
	+ /* build path to pid */
	+ snprintf(path, sizeof(path), "/proc/%d", pid);
	+
	+ /* do the stat */
	+ /* if it fails, assume not owner */
	+ if (stat(path, &sbuf) != 0)
	+ return(FALSE);
	+
	+ /* see if caller is the owner of pid */
	+ if (getuid() != sbuf.st_uid)
	+ return(FALSE);
	+
	+ /* caller is owner */
	+ return(TRUE);
	+ }
	+
	+/*
	** Find an event number or return a NULL.
	*/
	event_info *find_event(
	@@ -1800,8 +1826,8 @@ tm_poll_error:
	* some mpiruns simply use rsh to start remote processes - no AMS
	* tracking or management facilities are available.
	*
	- * This function allows any task (session) to be adopted into a PBS
	- * job. It is used by:
	+ * This function allows any task (session) owned by the owner
	+ * of the job to be adopted into a PBS job. It is used by:
	* - "adopter" (which is in turn used by our pvmrun)
	* - our rmsloader wrapper (a home-brew replacement for RMS'
	* rmsloader that does some work and then exec()s the real
	@@ -1835,7 +1861,8 @@ tm_poll_error:
	* the mom. Returns TM_ENOTFOUND if the mom couldn't find a job
	* with the given RMS resource id. Returns TM_ESYSTEM or
	* TM_ENOTCONNECTED if there was some sort of comms error talking
	- * to the mom
	+ * to the mom. Returns TM_EPERM if an attempt was made to adopt
	+ * a session not owned by the owner of the job.
	*
	* Side effects:
	* Sets the tm_* globals to fake values if tm_init() has never
	@@ -1860,6 +1887,10 @@ int tm_adopt(

	sid = getsid(pid);

	+ /* do not adopt a sid not owned by caller */
	+ if (!ispidowner(sid))
	+ return(TM_EPERM);
	+
	/* Must be the only call to call to tm and
	must only be called once */

	--
	1.8.3.2