Overview

File Fix-security-issue-in-Prolog-Epilog-Slurmctld-by-always-prepending-SPANK_.patch of Package slurm.25998

From: Egbert Eich <eich@suse.com>
Date: Wed May 19 22:18:14 2021 +0200
Subject: Fix security issue in {Prolog,Epilog}Slurmctld by always prepending SPANK_.
Patch-mainline: a9e9e2fedbd200ca545ab67dd753bd52c919f236
Git-commit: 46e4b1d8bdf15c11ef3ef12114e1a0a20a3ca5b6
References: bnc#1186024

To all user-set environment variables.

CVE-2021-31215.

Signed-off-by: Egbert Eich <eich@suse.com>
---
 src/slurmctld/job_scheduler.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/slurmctld/job_scheduler.c b/src/slurmctld/job_scheduler.c
index d2e0f93..7dc5115 100644
--- a/src/slurmctld/job_scheduler.c
+++ b/src/slurmctld/job_scheduler.c
@@ -3955,6 +3955,8 @@ static char **_build_env(struct job_record *job_ptr, bool is_epilog)
 	if (job_ptr->spank_job_env_size) {
 		env_array_merge(&my_env,
 				(const char **) job_ptr->spank_job_env);
+		valid_spank_job_env(my_env, job_ptr->spank_job_env_size,
+				    job_ptr->user_id);
 	}
 
 #if defined HAVE_ALPS_CRAY
openSUSE Build Service is sponsored by
Places