Hi All,

The checkpoint directory stores user data, and it is better to keep it with minimum access rights, like 700, in case of an information leak.

Current situation:
A user can specify a checkpoint directory (we call it the "root chp dir" for convenience) through the configuration system, in either single mode or session mode. In single mode, the running job creates a sub directory under the root chp dir using its job id and writes checkpoint files into it. In session mode, every job running in that session creates its own sub directory under the root chp dir using its own job id and writes checkpoint files into it. Currently in session mode, we don't isolate the users who submit jobs to this session; that is to say, no matter who submits jobs to this session, we consider the jobs to be run by the same user (the one who started this session) as long as they passed authentication (not supported now, will be done in the future).

Information Leak Threat:
Assume user1 submits a job (no matter whether in single or session mode) and writes checkpoint files into the file system using the default permission, let's say 755 in most cases. Then user2 can directly read the checkpoint files written by user1 and can get user1's data.

Solution:
The simplest way to fix this is to set the permission of the sub directory for each job to the minimum (like 700; we can also make it configurable) at creation.

What do you think, guys?

Wang Tao
wangtao...@huawei.com
Huawei Technologies Co., Ltd.
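One way to apply the fix proposed above, as an added example that is not code from this message or from the project: it creates the per-job sub directory with 700 at creation time, tightens one that already exists, and lists sub directories that group or others can still access. It assumes a local POSIX file system; the function names and the job ids "job-a" and "job-b" are hypothetical.

```python
import os
import stat
import tempfile

def create_job_checkpoint_dir(root, job_id, mode=0o700):
    """Create <root>/<job_id> with `mode`; tighten it if it already exists."""
    path = os.path.join(root, job_id)
    try:
        # Mode is applied at creation: the directory never exists with 755.
        os.mkdir(path, mode)
    except FileExistsError:
        st = os.lstat(path)
        # Refuse symlinks and directories owned by someone else.
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"refusing to reuse {path}")
    # mkdir's mode is masked by the umask; chmod sets it exactly.
    os.chmod(path, mode)
    return path

def write_checkpoint_file(job_dir, name, data):
    """Write one checkpoint file, owner read/write only, never overwriting."""
    fd = os.open(os.path.join(job_dir, name),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def exposed_job_dirs(root):
    """Return job sub directories that group or others can access."""
    exposed = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            perms = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if perms & 0o077:
                exposed.append((entry.name, oct(perms)))
    return exposed

def demo():
    """Constructed scenario: one job dir left at 755, one created at 700."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "job-a"))
        os.chmod(os.path.join(root, "job-a"), 0o755)   # default-permission case
        job_b = create_job_checkpoint_dir(root, "job-b")
        write_checkpoint_file(job_b, "chk-1", b"state")
        before = exposed_job_dirs(root)
        create_job_checkpoint_dir(root, "job-a")       # tightened on reuse
        return before, exposed_job_dirs(root)

if __name__ == "__main__":
    print(demo())
```

The root chp dir itself can stay listable; with each sub directory at 700, another user can see the job ids but cannot enter the directories or read the files in them.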