File Fix-Authentication-Bypass-when-Message-Aggregat... of Package slurm.31097

Overview Repositories Revisions Requests Users Attributes Meta

File Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch of Package slurm.31097

From: Egbert Eich <eich@suse.com>
Date: Tue Jul 7 09:59:21 2020 +0200
Subject: Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693
Patch-mainline: N/A
Git-commit: 66d16879f4dd0f5f88c0e800997d6b9b674cccb5
References: bsc#1172004

This fixes and issue where authentication could be bypassed via an alternate
path or channel when message Aggregation was enabled.
A race condition allowed a user to launch a process as an arbitrary user.
(CVE-2020-12693, bsc#1172004).

Signed-off-by: Egbert Eich <eich@suse.com>
---
 src/slurmd/slurmd/req.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/slurmd/slurmd/req.c b/src/slurmd/slurmd/req.c
index f176cc9..b07d3f6 100644
--- a/src/slurmd/slurmd/req.c
+++ b/src/slurmd/slurmd/req.c
@@ -2291,7 +2291,7 @@ _rpc_batch_job(slurm_msg_t *msg, bool new_msg)
 	bool	 replied = false, revoked;
 	slurm_addr_t *cli = &msg->orig_addr;
 
-	if (new_msg) {
+	if (1 || new_msg) {
 		uid_t req_uid = g_slurm_auth_get_uid(msg->auth_cred,
 						     conf->auth_info);
 		if (!_slurm_authorized_user(req_uid)) {
@@ -5335,7 +5335,9 @@ _rpc_complete_batch(slurm_msg_t *msg)
 			msg->data = NULL;
 
 			msg_aggr_add_msg(req_msg, 1,
-					 _handle_old_batch_job_launch);
+					 running_serial ?
+					 _handle_old_batch_job_launch :
+					 NULL);
 			return;
 		} else {
 			slurm_msg_t req_msg;

Places

File Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch of Package slurm.31097

Places