File Fix-security-issue-in-Prolog-Epilog-Slurmctld-by-always-prepending-SPANK_.patch of Package slurm.25998
From: Egbert Eich <eich@suse.com>
Date: Wed May 19 22:18:14 2021 +0200
Subject: Fix security issue in {Prolog,Epilog}Slurmctld by always prepending SPANK_.
Patch-mainline: a9e9e2fedbd200ca545ab67dd753bd52c919f236
Git-commit: 46e4b1d8bdf15c11ef3ef12114e1a0a20a3ca5b6
References: bnc#1186024
To all user-set environment variables.
CVE-2021-31215.
Signed-off-by: Egbert Eich <eich@suse.com>
---
src/slurmctld/job_scheduler.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/slurmctld/job_scheduler.c b/src/slurmctld/job_scheduler.c
index d2e0f93..7dc5115 100644
--- a/src/slurmctld/job_scheduler.c
+++ b/src/slurmctld/job_scheduler.c
@@ -3955,6 +3955,8 @@ static char **_build_env(struct job_record *job_ptr, bool is_epilog)
if (job_ptr->spank_job_env_size) {
env_array_merge(&my_env,
(const char **) job_ptr->spank_job_env);
+ valid_spank_job_env(my_env, job_ptr->spank_job_env_size,
+ job_ptr->user_id);
}
#if defined HAVE_ALPS_CRAY