On Tue, Jan 21, 2020 at 03:51:01PM +0000, Skylar Thompson wrote:
> -V strips out PATH and LD_LIBRARY_PATH for security reasons, since prolog

I don't think this is the case. I've just experimented with one of our 8.1.9 clusters and I can set arbitrary PATHs, run qsub -V, and have the value I set show up in the environment of the job. More likely the job is being run with a shell that is configured as a login shell and the init scripts for the shell are stomping on the value of PATH.

> and epilog scripts run with the submission environment but possibly in the
> context of a different user (i.e. a user could point a root-running prolog
> script at compromised binaries or C library).

This is something slightly different. The prolog and epilog used to run with the exact same environment as the job. This opened up an attack vector, especially if the prolog or epilog were run as a privileged user rather than the job owner. The environment in which the prolog and epilog are run is now sanitised.

William
_______________________________________________
users mailing list
users@gridengine.org
https://gridengine.org/mailman/listinfo/users
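As an added example (not part of the message above and not Grid Engine's own code): a prolog or epilog that may run as a privileged user can also reset its own environment as defence in depth, instead of relying only on the scheduler's sanitising. The names `SAFE_PATH`, `path_is_trusted` and `sanitize_env`, the directory list and the list of variables cleared are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: environment reset for a prolog/epilog that may run privileged.
# SAFE_PATH, the function names and the variable list are assumptions.

SAFE_PATH="/usr/sbin:/usr/bin:/sbin:/bin"   # assumption: directories the site trusts

# Succeeds only if every entry of the PATH string in $1 is an absolute,
# existing directory that is not writable by group or others.
# The body runs in a subshell so the IFS and globbing changes stay local.
path_is_trusted() (
    case "$1" in ''|:*|*:|*::*) exit 1 ;; esac   # an empty entry means "current directory"
    IFS=:; set -f                                 # split on ':' without filename expansion
    for dir in $1; do
        case "$dir" in /*) ;; *) exit 1 ;; esac   # relative entry
        [ -d "$dir" ] || exit 1
        perms=$(command -p ls -ldL -- "$dir") || exit 1
        case "$perms" in ?????w*|????????w*) exit 1 ;; esac   # group- or world-writable
    done
    exit 0
)

# Replace the inherited search path and drop variables that change which
# code the script's child processes load. Returns non-zero if SAFE_PATH
# itself fails the check above.
sanitize_env() {
    unset IFS                          # back to default space/tab/newline splitting
    PATH=$SAFE_PATH; export PATH
    hash -r                            # forget command locations cached under the old PATH
    for name in $(env | sed -n 's/^\(LD_[A-Za-z0-9_]*\)=.*/\1/p'); do
        unset "$name"                  # LD_LIBRARY_PATH, LD_PRELOAD, LD_AUDIT, ...
    done
    unset BASH_ENV ENV CDPATH PYTHONPATH PERL5LIB RUBYLIB
    path_is_trusted "$PATH"
}

# In a prolog or epilog, before any other command:
#   sanitize_env || exit 1
```

A reset like this protects only the commands the script launches afterwards; the interpreter running the script has already been started under the inherited environment, so it complements the scheduler-side sanitising rather than replacing it.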