HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users
World
Developers

HTCondor Week
Throughput Computing 2023
Workshop Archives

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

CONDOR-2006-0008

Summary:

On Windows platforms and potentially some old versions of UNIX, if the persistent configuration changes are allowed, then it is possible that an attacker may be able to change the configuration of the machine, which could lead to a root compromise. Persistent configuration changes through the use of condor_config_val is disabled by default, which prevents this vulnerability.

Component	Vulnerable Versions	Platform	Availability	Fix Available
all Condor daemons	all 6.6 & 6.7 6.8.0	Windows old UNIX's	not known to be publicly available	6.8.1 -
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	local ordinary user	any Condor daemon host	high	high
Fixed Date	Credit
2006-Sep-19	Jim Kupsch

Access Required:

local ordinary user

This vulnerability requires local access on a machine running a condor daemon. This is exploitable only on a host running the Windows operating system or an old version of UNIX.

Effort Required:

high

The system must also be configured to use persistent configuration changes, and the attacker needs to win a race condition.

Impact/Consequences:

high

If the attacker is successful they can control the configuration of all the Condor daemons on the host, they can gain root access.

Full Details:

A temporary file is created in the /tmp directory containing the contents of the persistent configuration changes that were made. This file is then read to set the actual configuration. Persistent configuration file changes are disabled by default.

The file is created using mkstemp where it exists, but on systems without mkstemp (Windows and old versions of UNIX), the name of the file is created using the tmpnam function, and then opened without using O_EXCL. This allows for a race condition where someone may create a file or symbolic link to the pathname. The attacker can then modify the contents of this file to change any option in the system, except those defined in the root configuration file. Since one of the items in the configuration file is the list of daemons to start as root, a root compromise is possible.

Cause:

race condition

The cause of this is a file system race condition by using the unsafe tmpnam function to create a filename in the /tmp directory and is subsequently not created in a safe fashion.

Proposed Fix:

Use the condor_mkstemp function that does exist on all platforms and creates a temporary file in a safe fashion and returns a FILE handle to the opened file instead of just the pathname.

Actual Fix:

As proposed.

Acknowledgment:

This research funded in part by National Science Foundation under subcontract with San Diego Supercomputer Center.

Join Us at Throughput Computing 2024, July 8 - 12

“Becoming part of something bigger” motivates campus contributions to the OSPool

Through the use of high throughput computing, NRAO delivers one of the deepest radio images of space

Astronomers and Engineers Use a Grid of Computers at a National Scale to Study the Universe 300 Times Faster

Ecologists utilizing HTC to examine the effects of megafires on wildlife

Learning and adapting with OSG: Investigating the strong nuclear force

What is HTCSS?

CONDOR-2006-0008