bd06e0c765
- Updated to 16.05.8.1 * Remove StoragePass from being printed out in the slurmdbd log at debug2 level. * Defer PATH search for task program until launch in slurmstepd. * Modify regression test1.89 to avoid leaving vestigial job. Also reduce logging to reduce likelyhood of Expect buffer overflow. * Do not PATH search for mult-prog launches if LaunchParamters=test_exec is enabled. * Fix for possible infinite loop in select/cons_res plugin when trying to satisfy a job's ntasks_per_core or socket specification. * If job is held for bad constraints make it so once updated the job doesn't go into JobAdminHeld. * sched/backfill - Fix logic to reserve resources for jobs that require a node reboot (i.e. to change KNL mode) in order to start. * When unpacking a node or front_end record from state and the protocol version is lower than the min version, set it to the min. * Remove redundant lookup for part_ptr when updating a reservation's nodes. * Fix memory and file descriptor leaks in slurmd daemon's sbcast logic. * Do not allocate specialized cores to jobs using the --exclusive option. * Cancel interactive job if Prolog failure with "PrologFlags=contain" or "PrologFlags=alloc" configured. Send new error prolog failure message to the salloc or srun command as needed. * Prevent possible out-of-bounds read in slurmstepd on an invalid #! line. * Fix check for PluginDir within slurmctld to work with multiple directories. * Cancel interactive jobs automatically on communication error to launching srun/salloc process. * Fix security issue caused by insecure file path handling triggered by the failure of a Prolog script. To exploit this a user needs to anticipate or cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371). - Replace group/user add macros with function calls. - Disable building with netloc support: the netloc API is part of the devel branch of hwloc. 
Since this devel branch was included accidentally and has been reversed since, we need to disable this for the time being. - Conditionalized architecture specific pieces to support non-x86 architectures better. - Remove: unneeded 'BuildRequires: python' - Add: BuildRequires: freeipmi-devel BuildRequires: libibmad-devel BuildRequires: libibumad-devel so they are picked up by the slurm build. - Enable modifications from openHPC Project. - Enable lua API package build. - Add a recommends for slurm-munge to the slurm package: This way, the munge auth method is available and slurm works out of the box. - Create /var/lib/slurm as StateSaveLocation directory. /tmp is dangerous. - Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE. OBS-URL: https://build.opensuse.org/request/show/454272 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=13
From: Sebastian Krahmer <krahmer@suse.com>
Date: Thu Feb 2 09:49:38 2017 +0100
Subject: [PATCH]pam_slurm: Initialize arrays and pass sizes
Git-repo: https://github.com/SchedMD/slurm
Git-commit: fbfbb90f6a2e7f134220991ed3263894ba365411
References: bsc#1007053
Signed-off-by: Egbert Eich <eich@suse.de>
PAM is security critical:
- clear arrays
- ensure strings are NULL-terminated.
Signed-off-by: Egbert Eich <eich@suse.com>
---
contribs/pam/pam_slurm.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
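diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c
index 0968a9c..ee179d5 100644
--- a/contribs/pam/pam_slurm.c
+++ b/contribs/pam/pam_slurm.c
@@ -266,9 +266,9 @@ static int
 _gethostname_short (char *name, size_t len)
 {
 int error_code, name_len;
- char *dot_ptr, path_name[1024];
+ char *dot_ptr, path_name[1024] = {0};
 
- error_code = gethostname(path_name, sizeof(path_name));
+ error_code = gethostname(path_name, sizeof(path_name) - 1);
 if (error_code)
 return error_code;
 
@@ -296,11 +296,11 @@ static int
 _slurm_match_allocation(uid_t uid)
 {
 int authorized = 0, i;
- char hostname[MAXHOSTNAMELEN];
+ char hostname[MAXHOSTNAMELEN] = {0};
 char *nodename = NULL;
 job_info_msg_t * msg;
 
- if (_gethostname_short(hostname, sizeof(hostname)) < 0) {
+ if (_gethostname_short(hostname, sizeof(hostname) - 1) < 0) {
 _log_msg(LOG_ERR, "gethostname: %m");
 return 0;
 }
@@ -409,7 +409,7 @@ _send_denial_msg(pam_handle_t *pamh, struct _options *opts,
 */
 extern void libpam_slurm_init (void)
 {
- char libslurmname[64];
+ char libslurmname[64] = {0};
 
 if (slurm_h)
 return;
@@ -417,10 +417,10 @@ extern void libpam_slurm_init (void)
 /* First try to use the same libslurm version ("libslurm.so.24.0.0"),
 * Second try to match the major version number ("libslurm.so.24"),
 * Otherwise use "libslurm.so" */
- if (snprintf(libslurmname, sizeof(libslurmname),
+ if (snprintf(libslurmname, sizeof(libslurmname) - 1,
 "libslurm.so.%d.%d.%d", SLURM_API_CURRENT,
 SLURM_API_REVISION, SLURM_API_AGE) >=
- sizeof(libslurmname) ) {
+ sizeof(libslurmname) - 1) {
 _log_msg (LOG_ERR, "Unable to write libslurmname\n");
 } else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
 return;
@@ -429,8 +429,10 @@ extern void libpam_slurm_init (void)
 libslurmname, dlerror ());
 }
 
- if (snprintf(libslurmname, sizeof(libslurmname), "libslurm.so.%d",
- SLURM_API_CURRENT) >= sizeof(libslurmname) ) {
+ memset(libslurmname, 0, sizeof(libslurmname));
+
+ if (snprintf(libslurmname, sizeof(libslurmname) - 1, "libslurm.so.%d",
+ SLURM_API_CURRENT) >= sizeof(libslurmname) - 1) {
 _log_msg (LOG_ERR, "Unable to write libslurmname\n");
 } else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
 return;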
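Review bot: In `_slurm_match_allocation` the helper's result is still tested with `< 0`, while `_gethostname_short` itself treats any non-zero `gethostname` result as an error (`if (error_code) return error_code;`), so a positive error return from the part of the helper that lies outside this hunk, if there is one, would be taken as success. Because `hostname` is now zero-initialised, that path would continue with an empty host name instead of uninitialised stack contents, which is safer but is still not a denial. Testing `if (_gethostname_short(hostname, sizeof(hostname) - 1) != 0) {` would make the PAM check fail closed for every error value. The bodies of both functions continue outside the hunks shown, so the helper's later return paths should be confirmed before relying on this. A comment on `_gethostname_short` stating whether `len` counts the terminating NUL would also help, since callers now pass `sizeof(buf) - 1`.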